[PATCH] Core: fixed potential memory leak in ngx_core_module_create_conf()

Roman Arutyunyan arut at nginx.com
Mon Sep 12 08:43:39 UTC 2022


Hi,

On Fri, Sep 09, 2022 at 11:01:09PM +0800, 张桐 wrote:
> # HG changeset patch
> # User Tong Zhang <zhangtong2017 at whu.edu.cn>
> # Date 1662734441 -28800
> #      Fri Sep 09 22:40:41 2022 +0800
> # Node ID a1a31f97ae70621282ad04302acdb6c9def306f7
> # Parent  ba5cf8f73a2d0a3615565bf9545f3d65216a0530
> Core: fixed potential memory leak in ngx_core_module_create_conf().
> 
> When "ngx_array_init" fails and returns a NULL, the object held by "ccf" may be leaked.
> 
> diff -r ba5cf8f73a2d -r a1a31f97ae70 src/core/nginx.c
> --- a/src/core/nginx.c  Thu Sep 08 13:53:49 2022 +0400
> +++ b/src/core/nginx.c  Fri Sep 09 22:40:41 2022 +0800
> @@ -1076,6 +1076,7 @@
>      if (ngx_array_init(&ccf->env, cycle->pool, 1, sizeof(ngx_str_t))
>          != NGX_OK)
>      {
> +        ngx_pfree(cycle->pool, ccf);
>          return NULL;
>      }
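
Review bot: the added ngx_pfree(cycle->pool, ccf) call in the ngx_array_init() error branch discards its return value, so this path gives no indication of whether the pool actually released ccf. The function returns NULL on the next line and the allocation belongs to cycle->pool, so please either drop the call and rely on pool teardown, or explain in the commit message why an explicit free is needed here. The commit message also says ngx_array_init "returns a NULL", while the condition in this hunk compares its result against NGX_OK; the wording should match the code.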

The ccf object is allocated from cycle->pool and will be freed automatically
when the pool is destroyed, which will quickly happen after this error.

Also, ngx_pfree() only works for large objects.  For cycle pools 'large' means
bigger than 16K.  An ngx_core_conf_t object is smaller than that, which means
that nothing will be freed anyway.

If you're interested in getting more information about nginx pools, visit
the nginx development guide:

https://nginx.org/en/docs/dev/development_guide.html#pool

--
Roman Arutyunyan
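
The pool behaviour described in the reply above, as an added example that is not part of the original message and is not nginx source: a simplified region pool in which small objects are carved from a block and only large objects are tracked individually. All names (pool_t, pool_alloc, pool_free, ...) are hypothetical; the 16K threshold is the figure given in the reply and the 512-byte object size is constructed.

```c
#include <stdlib.h>
/* Simplified model of a region pool; all names are hypothetical, not nginx source. */
typedef struct large_s { struct large_s *next; void *alloc; } large_t;
typedef struct {
    char    *block, *last, *end;  /* one bump-allocated block for small objects */
    size_t   max;                 /* requests above this get their own malloc() */
    large_t *large;               /* list of individually tracked large objects */
} pool_t;

pool_t *pool_create(size_t size, size_t max) {
    pool_t *p = malloc(sizeof(pool_t));
    if (p == NULL || (p->block = malloc(size)) == NULL) { free(p); return NULL; }
    p->last = p->block; p->end = p->block + size;
    p->max = max; p->large = NULL;
    return p;
}

void *pool_alloc(pool_t *p, size_t size) {
    if (size <= p->max) {                        /* small: carve from the block */
        size = (size + 15) & ~(size_t)15;        /* keep 16-byte alignment */
        if ((size_t)(p->end - p->last) < size) return NULL; /* model has one block */
        p->last += size;
        return p->last - size;
    }
    large_t *l = malloc(sizeof(large_t));        /* large: tracked separately */
    if (l == NULL || (l->alloc = malloc(size)) == NULL) { free(l); return NULL; }
    l->next = p->large; p->large = l;
    return l->alloc;
}

/* 0 if the object was released, -1 if ptr is not a tracked large object. */
int pool_free(pool_t *p, void *ptr) {
    for (large_t *l = p->large; l != NULL; l = l->next)
        if (l->alloc == ptr) { free(l->alloc); l->alloc = NULL; return 0; }
    return -1;                                   /* small objects always land here */
}

void pool_destroy(pool_t *p) {                   /* releases small objects too */
    for (large_t *l = p->large, *n; l != NULL; l = n) { n = l->next; free(l->alloc); free(l); }
    free(p->block); free(p);
}

int main(void) {
    pool_t *p = pool_create(16384, 16384);       /* 16K threshold, as in the reply */
    if (p == NULL) return 1;
    int rc = pool_free(p, pool_alloc(p, 512));   /* constructed small size: rc is -1 */
    pool_destroy(p);
    return rc == -1 ? 0 : 1;
}
```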