[PATCH] Core: fixed potential memory leak in ngx_core_module_create_conf()
Roman Arutyunyan
arut at nginx.com
Mon Sep 12 08:43:39 UTC 2022
Hi,
On Fri, Sep 09, 2022 at 11:01:09PM +0800, 张桐 wrote:
> # HG changeset patch
> # User Tong Zhang <zhangtong2017 at whu.edu.cn>
> # Date 1662734441 -28800
> # Fri Sep 09 22:40:41 2022 +0800
> # Node ID a1a31f97ae70621282ad04302acdb6c9def306f7
> # Parent ba5cf8f73a2d0a3615565bf9545f3d65216a0530
> Core: fixed potential memory leak in ngx_core_module_create_conf().
>
> When "ngx_array_init" fails and returns a NULL, the object held by "ccf" may be leaked.
>
> diff -r ba5cf8f73a2d -r a1a31f97ae70 src/core/nginx.c
> --- a/src/core/nginx.c Thu Sep 08 13:53:49 2022 +0400
> +++ b/src/core/nginx.c Fri Sep 09 22:40:41 2022 +0800
> @@ -1076,6 +1076,7 @@
> if (ngx_array_init(&ccf->env, cycle->pool, 1, sizeof(ngx_str_t))
> != NGX_OK)
> {
> + ngx_pfree(cycle->pool, ccf);
> return NULL;
> }
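Review bot: The added ngx_pfree(cycle->pool, ccf) on the ngx_array_init() failure path looks unnecessary, because ccf is owned by cycle->pool and the function already returns NULL to signal the error, so pool teardown is what releases it. The call's return value is also ignored, so there is no way to tell whether anything was actually released. I would drop the added line. Separately, the commit message says ngx_array_init "returns a NULL", but the condition in this hunk compares its result against NGX_OK; it is this function that returns NULL, and the message should say so.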
The ccf object is allocated from cycle->pool and will be freed automatically
when the pool is destroyed, which will quickly happen after this error.
Also, ngx_pfree() only works for large objects. For cycle pools 'large' means
bigger than 16K. An ngx_core_conf_t object is smaller than that, which means
that nothing will be freed anyway.
If you're interested in getting more information about nginx pools, visit
the nginx development guide:
https://nginx.org/en/docs/dev/development_guide.html#pool
--
Roman Arutyunyan
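
The behaviour described in the reply above, as an added example that is not part of the original message and is not nginx code: a simplified pool model in which a per-object free only affects large allocations, while destroying the pool releases everything. All `toy_*` names, the single-block layout and the sizes other than the 16K threshold are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
/* Simplified model of a pool allocator; all names here are hypothetical. */
typedef struct large_s { struct large_s *next; void *alloc; } large_t;
typedef struct {
    char    *buf;            /* one block that serves every small request */
    size_t   used, cap, max; /* requests larger than max are "large" */
    large_t *large;          /* large objects, each malloc'ed on its own */
} toy_pool_t;

toy_pool_t *toy_pool_create(size_t cap, size_t max) {
    toy_pool_t *p = calloc(1, sizeof(*p));
    if (p == NULL || (p->buf = malloc(cap)) == NULL) { free(p); return NULL; }
    p->cap = cap; p->max = max;
    return p;
}

void *toy_palloc(toy_pool_t *p, size_t n) {
    if (n <= p->max) {                         /* small: bump the pointer */
        n = (n + 15) & ~(size_t)15;            /* keep 16-byte alignment */
        if (n > p->cap - p->used) return NULL; /* model has a single block */
        p->used += n; return p->buf + p->used - n;
    }
    large_t *l = malloc(sizeof(*l));           /* large: tracked in a list */
    if (l == NULL || (l->alloc = malloc(n)) == NULL) { free(l); return NULL; }
    l->next = p->large; p->large = l;
    return l->alloc;
}

/* Returns 0 if ptr was a large object and was freed, -1 if nothing was done. */
int toy_pfree(toy_pool_t *p, void *ptr) {
    for (large_t *l = p->large; l != NULL; l = l->next)
        if (l->alloc == ptr) { free(l->alloc); l->alloc = NULL; return 0; }
    return -1;
}

void toy_pool_destroy(toy_pool_t *p) {  /* frees small and large alike */
    for (large_t *l = p->large, *n; l != NULL; l = n) { n = l->next; free(l->alloc); free(l); }
    free(p->buf); free(p);
}

int main(void) {
    toy_pool_t *p = toy_pool_create(32768, 16384);  /* 16K threshold from the reply */
    if (p == NULL) return 1;
    void *conf = toy_palloc(p, 512), *big = toy_palloc(p, 20000);
    printf("pfree(small)=%d pfree(large)=%d\n", toy_pfree(p, conf), toy_pfree(p, big));
    toy_pool_destroy(p);
    return 0;
}
```

In this model the small object stays in the block until `toy_pool_destroy()` runs, whatever is passed to `toy_pfree()`.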