Seg fault in http read event handler caused by rouge event call without context

Sergey Brester serg.brester at sebres.de
Mon Nov 18 19:05:39 UTC 2019


 

18.11.2019 18:11, Maxim Dounin wrote: 

> Hello!
> 
> On Mon, Nov 18, 2019 at 05:48:46PM +0100, Sergey Brester wrote:
> 
>> Looks like [efd71d49bde0 [2]] could be indeed responsible for that: I see at least one state where rev->ready could remain 1 (after rev->available gets 0) e. g. deviation between blocks [efd71d49bde0#l10.8 [3]] and [efd71d49bde0#l11.8 [4]] where first did not reset rev->ready and for example if ngx_socket_nread in [efd71d49bde0#l10.38 [5]] would write 0 into rev->available, so rev->ready remains 1 yet.
> 
> There is no deviation here. The rev->available field holds the 
> number of bytes available for reading (or -1 if it's not known), 
> while rev->ready indicates if reading is possible. The reading 
> can be possible even WHEN REV->AVAILABLE IS ZERO - notably, when 
> there is a potential pending EOF.

Sure, 
but I told about the case where rev->ready indicates the READING IS
POSSIBLE, 
but REV->AVAILABLE IS LESS AS ZERO. 

If you mean this is to noglect, then it is ok, but somehow it looks
backwards incompatible to me.
At least other async-IO procedures (for example KQUEUE [1]) handle this
differently. 

Anyway I saw never REV->AVAILABLE LESS AS ZERO, if rev->ready got 1
until now.

Regards,
Sergey. 

Links:
------
[1]
https://github.com/nginx/nginx/commit/fac4c7bdf53ee7d8fec6568f1e9fecefcde6feba#diff-0b707fd972a54f561081982c62457febR155-R158
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20191118/b97a3cb4/attachment.htm>


More information about the nginx-devel mailing list