[nginx] Fixed segfault if regex studies list allocation fails.
    Sergey Kandaurov 
    pluknet at nginx.com
       
    Tue Apr 18 16:11:42 UTC 2023
    
    
  
details:   https://hg.nginx.org/nginx/rev/77d5c662f3d9
branches:  
changeset: 8163:77d5c662f3d9
user:      Maxim Dounin <mdounin at mdounin.ru>
date:      Tue Apr 18 06:28:46 2023 +0300
description:
Fixed segfault if regex studies list allocation fails.
The rcf->studies list is unconditionally accessed by ngx_regex_cleanup(),
and this used to cause NULL pointer dereference if allocation
failed.  Fix is to set cleanup handler only when allocation succeeds.
diffstat:
 src/core/ngx_regex.c |  6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)
diffs (21 lines):
diff -r 252a7acd35ce -r 77d5c662f3d9 src/core/ngx_regex.c
--- a/src/core/ngx_regex.c	Mon Apr 17 14:08:00 2023 +0400
+++ b/src/core/ngx_regex.c	Tue Apr 18 06:28:46 2023 +0300
@@ -732,14 +732,14 @@ ngx_regex_create_conf(ngx_cycle_t *cycle
         return NULL;
     }
 
-    cln->handler = ngx_regex_cleanup;
-    cln->data = rcf;
-
     rcf->studies = ngx_list_create(cycle->pool, 8, sizeof(ngx_regex_elt_t));
     if (rcf->studies == NULL) {
         return NULL;
     }
 
+    cln->handler = ngx_regex_cleanup;
+    cln->data = rcf;
+
     ngx_regex_studies = rcf->studies;
 
     return rcf;
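Review bot: The relative order of the `ngx_list_create()` check and the `cln->handler` assignment now carries the whole fix, but nothing at the new assignment says so, and a later tidy-up could move it back beside the cleanup allocation. I would add a comment above `cln->handler = ngx_regex_cleanup;` such as `/* register only after rcf->studies exists: ngx_regex_cleanup() accesses it unconditionally */`. The early `return NULL` on list allocation failure leaves the already-added cleanup entry without a handler, which is safe only if the pool skips entries whose handler is unset. That code is not visible in this hunk, so it is worth confirming. ngx_regex_create_conf() starts and ends outside the hunk.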
    
    