Potential bug in ngx_event.c

Maxim Dounin mdounin at mdounin.ru
Fri Aug 30 14:19:29 UTC 2019


On Fri, Aug 23, 2019 at 11:00:41AM -0700, Rian Hunter wrote:

> While browsing the source I noticed something that seemed wrong, even 
> though I haven't observed any buggy behavior or have reproduced this bug 
> myself. In ngx_event.c there is a line:
>      if (ngx_shmtx_create(&ngx_accept_mutex, (ngx_shmtx_sh_t *) shared,
>                           cycle->lock_file.data)
>          != NGX_OK)
>      {
>          return NGX_ERROR;
>      }
> ngx_shmtx_create() is passed &ngx_accept_mutex, but this must be a 
> pointer to a shared memory region otherwise the sem_wait()/sem_post() 
> calls in ngx_shmtx.c will not function correctly. &ngx_accept_mutex is a 
> pointer to BSS, ngx_accept_mutex_ptr is a pointer to shared memory. Is 
> this intentional?

Yes, this is intentional.

The first agument of the ngx_shmtx_create() function is a pointer 
to the ngx_shmtx_t structure, which is not expected to be shared 
between processes.  Copy of the structure as created by fork() is 

Only ngx_shmtx_sh_t - which is used to store atomic variables with 
lock and wait counter - needs to be shared.  And it is shared, as 
"(ngx_shmtx_sh_t *) shared" is used as the second argument.

Maxim Dounin

More information about the nginx-devel mailing list