PATCH: Initialize 'ch' with 'ngx_memzero' to prevent the use of uninitialized bytes.
Ruslan Ermilov
ru at nginx.com
Thu Apr 22 13:22:11 UTC 2021
On Thu, Apr 15, 2021 at 08:59:16AM +0000, 囧 尼 wrote:
> # HG changeset patch
> # User Johnny Wang <johnnywang1991 at msn.com>
> # Date 1618472983 -28800
> # Thu Apr 15 15:49:43 2021 +0800
> # Node ID a5903fe55622e839906e9544c1a08a66c1e0cf91
> # Parent b56c45e3bd5029f98e1e847eebad75430e2cca27
> Initialize 'ch' with 'ngx_memzero' to prevent the use of uninitialized bytes.
>
> I found the following error when running nginx with valgrind:
>
> ==31539== Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s)
> ==31539== at 0x5047C50: __sendmsg_nocancel (in /lib64/libpthread-2.17.so)
> ==31539== by 0x44A6F8: ngx_write_channel (ngx_channel.c:79)
> ==31539== by 0x44C19A: ngx_pass_open_channel (ngx_process_cycle.c:481)
> ==31539== by 0x44C21A: ngx_start_worker_processes (ngx_process_cycle.c:385)
> ==31539== by 0x44E0BA: ngx_master_process_cycle (ngx_process_cycle.c:241)
> ==31539== by 0x424719: main (nginx.c:386)
> ==31539== Address 0x1ffefffabc is on thread 1's stack
> ==31539== in frame #2, created by ngx_pass_open_channel (ngx_process_cycle.c:455)
> ==31539==
> {
> <insert_a_suppression_name_here>
> Memcheck:Param
> sendmsg(msg.msg_iov[0])
> fun:__sendmsg_nocancel
> fun:ngx_write_channel
> fun:ngx_pass_open_channel
> fun:ngx_start_worker_processes
> fun:ngx_master_process_cycle
> fun:main
> }
>
> diff -r b56c45e3bd50 -r a5903fe55622 src/os/unix/ngx_process_cycle.c
> --- a/src/os/unix/ngx_process_cycle.c Tue Apr 13 18:13:59 2021 +0300
> +++ b/src/os/unix/ngx_process_cycle.c Thu Apr 15 15:49:43 2021 +0800
> @@ -398,6 +398,8 @@
> ngx_int_t i;
> ngx_channel_t ch;
> + ngx_memzero(&ch, sizeof(ngx_channel_t));
> +
> ch.command = NGX_CMD_OPEN_CHANNEL;
> ch.pid = ngx_processes[ngx_process_slot].pid;
> ch.slot = ngx_process_slot;
>
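Review bot: the `ngx_memzero(&ch, sizeof(ngx_channel_t));` added at line 398 is not obviously on the path valgrind reported. The trace places the uninitialised bytes in the stack frame created by ngx_pass_open_channel (ngx_process_cycle.c:455), reached from ngx_start_worker_processes at line 385. The hunk sits at line 398, between those two locations, and its `@@` header carries no function name. Please name in the commit message the function whose `ch` is being zeroed and confirm it is the one in the reported call chain. It is also worth checking any other ngx_channel_t local that is filled field by field (`command`, `pid`, `slot`) before being handed to ngx_write_channel, so that every such structure is fully initialised before sendmsg copies it out.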
http://hg.nginx.org/nginx/rev/f2ff291bbdac