Memory Leak Issue in Nginx PCRE2

上勾拳 jt26wzz at gmail.com
Thu Oct 12 15:02:16 UTC 2023


Dear Maxim,

Thanks for your response. I have tested your patch, and it worked well in
my case. Absolutely, it should not handle ngx_regex_compile_context in
ngx_regex_module_init(), which is more elegant. Thank you for your
attention once again.

Best regards,
Zhenzhong


上勾拳 <jt26wzz at gmail.com> 于2023年9月27日周三 01:13写道:

> Dear Nginx Developers,
>
> I hope this email finds you well. I am reaching out to the mailing list
> for the first time to report and discuss an issue I encountered while
> working on supporting PCRE2 in OpenResty. If I have made any errors in my
> reporting or discussion, please do not hesitate to provide feedback. Your
> guidance is greatly appreciated.
>
> During my recent work, I used the sanitizer to inspect potential issues,
> and I identified a small memory leak in the PCRE2 code section of Nginx.
> While this issue does not seem to be critical, it could potentially disrupt
> memory checking tools. To help you reproduce the problem, I have included a
> minimal configuration below. Please note that this issue occurs when Nginx
> is configured to use PCRE2, and the version is 1.22.1 or higher.
>
> *Minimal Configuration for Reproduction:*
> worker_processes  1;
> daemon off;
> master_process off;
> error_log
> /home/zhenzhongw/code/pcre_pr/lua-nginx-module/t/servroot/logs/error.log
> debug;
> pid
> /home/zhenzhongw/code/pcre_pr/lua-nginx-module/t/servroot/logs/nginx.pid;
>
> http {
>     access_log
> /home/zhenzhongw/code/pcre_pr/lua-nginx-module/t/servroot/logs/access.log;
>     #access_log off;
>     default_type text/plain;
>     keepalive_timeout  68000ms;
>     server {
>         listen          1984;
>         #placeholder
>         server_name     'localhost';
>
>         client_max_body_size 30M;
>         #client_body_buffer_size 4k;
>
>         # Begin preamble config...
>
>         # End preamble config...
>
>         # Begin test case config...
>
>         location ~ '^/[a-d]$' {
>             return 200;
>         }
>     }
> }
> events {
>     accept_mutex off;
>
>     worker_connections  64;
> }
>
> *nginx -V :*
> nginx version: nginx/1.25.1 (no pool)
> built by gcc 11.4.1 20230605 (Red Hat 11.4.1-2) (GCC)
> built with OpenSSL 1.1.1u  30 May 2023
> TLS SNI support enabled
> configure arguments:
> --prefix=/home/zhenzhongw/code/pcre_pr/lua-nginx-module/work/nginx
> --with-threads --with-pcre-jit --with-ipv6
> --with-cc-opt='-fno-omit-frame-pointer -fsanitize=address
> -DNGX_LUA_USE_ASSERT -I/opt/pcre2/include -I/opt/ssl/include'
> --with-http_v2_module --with-http_v3_module --with-http_realip_module
> --with-http_ssl_module
> --add-module=/home/zhenzhongw/code/pcre_pr/ndk-nginx-module
> --add-module=/home/zhenzhongw/code/pcre_pr/set-misc-nginx-module
> --with-ld-opt='-fsanitize=address -L/opt/pcre2/lib -L/opt/ssl/lib
> -Wl,-rpath,/opt/pcre2/lib:/opt/drizzle/lib:/opt/ssl/lib'
> --without-mail_pop3_module --without-mail_imap_module
> --with-http_image_filter_module --without-mail_smtp_module --with-stream
> --with-stream_ssl_module --without-http_upstream_ip_hash_module
> --without-http_memcached_module --without-http_auth_basic_module
> --without-http_userid_module --with-http_auth_request_module
> --add-module=/home/zhenzhongw/code/pcre_pr/echo-nginx-module
> --add-module=/home/zhenzhongw/code/pcre_pr/memc-nginx-module
> --add-module=/home/zhenzhongw/code/pcre_pr/srcache-nginx-module
> --add-module=/home/zhenzhongw/code/pcre_pr/lua-nginx-module
> --add-module=/home/zhenzhongw/code/pcre_pr/lua-upstream-nginx-module
> --add-module=/home/zhenzhongw/code/pcre_pr/headers-more-nginx-module
> --add-module=/home/zhenzhongw/code/pcre_pr/drizzle-nginx-module
> --add-module=/home/zhenzhongw/code/pcre_pr/rds-json-nginx-module
> --add-module=/home/zhenzhongw/code/pcre_pr/coolkit-nginx-module
> --add-module=/home/zhenzhongw/code/pcre_pr/redis2-nginx-module
> --add-module=/home/zhenzhongw/code/pcre_pr/stream-lua-nginx-module
> --add-module=/home/zhenzhongw/code/pcre_pr/lua-nginx-module/t/data/fake-module
> --add-module=/home/zhenzhongw/code/pcre_pr/lua-nginx-module/t/data/fake-shm-module
> --add-module=/home/zhenzhongw/code/pcre_pr/lua-nginx-module/t/data/fake-delayed-load-module
> --with-http_gunzip_module --with-http_dav_module --with-select_module
> --with-poll_module --with-debug --with-poll_module --with-cc=gcc
>
> *The sanitizer tool reported the following error message: *
> =================================================================
> ==555798==ERROR: LeakSanitizer: detected memory leaks
>
> Direct leak of 72 byte(s) in 1 object(s) allocated from:
>     #0 0x7f502f6b4a07 in __interceptor_malloc (/lib64/libasan.so.6+0xb4a07)
>     #1 0x4a1737 in ngx_alloc src/os/unix/ngx_alloc.c:22
>     #2 0x525796 in ngx_regex_malloc src/core/ngx_regex.c:509
>     #3 0x7f502f3e745e in _pcre2_memctl_malloc_8
> (/opt/pcre2/lib/libpcre2-8.so.0+0x1145e)
>     #4 0x5771ad in ngx_http_regex_compile
> src/http/ngx_http_variables.c:2555
>     #5 0x536088 in ngx_http_core_regex_location
> src/http/ngx_http_core_module.c:3263
>     #6 0x537f94 in ngx_http_core_location
> src/http/ngx_http_core_module.c:3115
>     #7 0x46ba0a in ngx_conf_handler src/core/ngx_conf_file.c:463
>     #8 0x46ba0a in ngx_conf_parse src/core/ngx_conf_file.c:319
>     #9 0x5391ec in ngx_http_core_server
> src/http/ngx_http_core_module.c:2991
>     #10 0x46ba0a in ngx_conf_handler src/core/ngx_conf_file.c:463
>     #11 0x46ba0a in ngx_conf_parse src/core/ngx_conf_file.c:319
>     #12 0x528e4c in ngx_http_block src/http/ngx_http.c:239
>     #13 0x46ba0a in ngx_conf_handler src/core/ngx_conf_file.c:463
>     #14 0x46ba0a in ngx_conf_parse src/core/ngx_conf_file.c:319
>     #15 0x463f74 in ngx_init_cycle src/core/ngx_cycle.c:284
>     #12 0x528e4c in ngx_http_block src/http/ngx_http.c:239
>     #13 0x46ba0a in ngx_conf_handler src/core/ngx_conf_file.c:463
>     #14 0x46ba0a in ngx_conf_parse src/core/ngx_conf_file.c:319
>     #15 0x463f74 in ngx_init_cycle src/core/ngx_cycle.c:284
>     #16 0x4300c7 in main src/core/nginx.c:295
>     #17 0x7ff31a43feaf in __libc_start_call_main (/lib64/libc.so.6+0x3feaf)
>
> SUMMARY: AddressSanitizer: 72 byte(s) leaked in 1 allocation(s).
>
> *I have created a patch to address this memory leak issue, which I am
> sharing below:*
> diff --git a/src/core/ngx_regex.c b/src/core/ngx_regex.c
> index 91381f499..71f583789 100644
> --- a/src/core/ngx_regex.c
> +++ b/src/core/ngx_regex.c
> @@ -600,6 +600,8 @@ ngx_regex_cleanup(void *data)
>       * the new cycle, these will be re-allocated.
>       */
>
> +    ngx_regex_malloc_init(NULL);
> +
>      if (ngx_regex_compile_context) {
>          pcre2_compile_context_free(ngx_regex_compile_context);
>          ngx_regex_compile_context = NULL;
> @@ -611,6 +613,8 @@ ngx_regex_cleanup(void *data)
>          ngx_regex_match_data_size = 0;
>      }
>
> +    ngx_regex_malloc_done();
> +
>  #endif
>  }
>
> @@ -706,7 +710,13 @@ ngx_regex_module_init(ngx_cycle_t *cycle)
>      ngx_regex_malloc_done();
>
>      ngx_regex_studies = NULL;
> +
>  #if (NGX_PCRE2)
> +    if (ngx_regex_compile_context) {
> +        ngx_regex_malloc_init(NULL);
> +        pcre2_compile_context_free(ngx_regex_compile_context);
> +        ngx_regex_malloc_done();
> +    }
>      ngx_regex_compile_context = NULL;
>  #endif
>
> I kindly request your assistance in reviewing this matter and considering
> the patch for inclusion in Nginx. If you have any questions or need further
> information, please feel free to reach out to me. Your expertise and
> feedback are highly valuable in resolving this issue.
>
> Thank you for your time and attention to this matter.
>
> Best regards,
> ZhenZhong
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20231012/a58b8446/attachment.htm>


More information about the nginx-devel mailing list