[nginx] HTTP/2: fixed segfault when memory allocation failed.

Valentin Bartenev vbart at nginx.com
Tue May 23 17:19:54 UTC 2017


details:   http://hg.nginx.org/nginx/rev/b624fbf7bee2
branches:  
changeset: 7004:b624fbf7bee2
user:      Valentin Bartenev <vbart at nginx.com>
date:      Tue May 23 20:19:39 2017 +0300
description:
HTTP/2: fixed segfault when memory allocation failed.

If allocation of cleanup handler in the HTTP/2 header filter failed, then
a stream might be freed with a HEADERS frame left in the output queue.

Now the HEADERS frame is accounted in the queue before trying to allocate
the cleanup handler.

diffstat:

 src/http/v2/ngx_http_v2_filter_module.c |  4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diffs (21 lines):

diff -r 7943298d4ac0 -r b624fbf7bee2 src/http/v2/ngx_http_v2_filter_module.c
--- a/src/http/v2/ngx_http_v2_filter_module.c	Mon May 22 16:34:47 2017 +0300
+++ b/src/http/v2/ngx_http_v2_filter_module.c	Tue May 23 20:19:39 2017 +0300
@@ -619,6 +619,8 @@ ngx_http_v2_header_filter(ngx_http_reque
 
     ngx_http_v2_queue_blocked_frame(r->stream->connection, frame);
 
+    r->stream->queued = 1;
+
     cln = ngx_http_cleanup_add(r, 0);
     if (cln == NULL) {
         return NGX_ERROR;
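Review bot: the added `r->stream->queued = 1;` only does its job because it sits between `ngx_http_v2_queue_blocked_frame()` and the `cln == NULL` return, but nothing in the code says so. A one-line comment above it would help, stating that the frame must be accounted for before any early return. Otherwise a later cleanup could move the assignment back below `ngx_http_cleanup_add()` and reintroduce the case the description names, where a stream is freed with a HEADERS frame left in the output queue. It would also help to state in the description that on this `NGX_ERROR` path no cleanup handler is registered, so teardown relies on the `queued` flag alone.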
@@ -627,8 +629,6 @@ ngx_http_v2_header_filter(ngx_http_reque
     cln->handler = ngx_http_v2_filter_cleanup;
     cln->data = r->stream;
 
-    r->stream->queued = 1;
-
     fc->send_chain = ngx_http_v2_send_chain;
     fc->need_last_buf = 1;
 
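Review bot: with `r->stream->queued = 1;` removed from here, the per-stream setup is split around the allocation. The flag is now set before `ngx_http_cleanup_add()`, while `fc->send_chain` and `fc->need_last_buf` are still assigned only after it succeeds. On the allocation-failure return the frame is therefore queued and flagged, but `fc->send_chain` has not been switched to `ngx_http_v2_send_chain`. Please confirm that the error path does not depend on those two fields, or move them up next to the flag so the state is set in one place.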

