Thread Pool memory ownership

Mathew Heard mat999 at gmail.com
Tue May 30 15:26:35 UTC 2023


Hi,

I've been going through the thread pool code for native modules in an
attempt to fix a third-party module with what appears to be a
use-after-free error, looking for inspiration.

I thought I would see a strategy to prevent thread pool tasks that are
in the queue for processing from being freed when the request / connection
their memory is allocated from is cleared, but I'm not.

For example, there does not appear to be any protection
against Linux sendfile tasks reading memory allocated from the
ngx_connection_t if the connection is closed while the task is in the
task queue.

Is this correct? Is this a bug?

Regards,
Mathew


More information about the nginx-devel mailing list