Thread Pool memory ownership

Mathew Heard mat999 at
Tue May 30 15:26:35 UTC 2023


I've been going through the thread pool code for native modules in an
attempt to fix a third-party module with what appears to be a
use-after-free error, looking for inspiration.

I thought I would see a strategy to prevent thread pool tasks that are
in the queue for processing from being freed when the request / connection
their memory is allocated from is cleared, but I'm not seeing one.

For example, there does not appear to be any protection
against Linux sendfile tasks reading memory allocated from the
ngx_connection_t if the connection is closed while the task is in the
task queue.

Is this correct? Is this a bug?


More information about the nginx-devel mailing list