Memory Leak Issue in Nginx PCRE2

上勾拳 jt26wzz at gmail.com
Tue Sep 26 17:13:44 UTC 2023


Dear Nginx Developers,

I hope this email finds you well. I am reaching out to the mailing list for
the first time to report and discuss an issue I encountered while working
on supporting PCRE2 in OpenResty. If I have made any errors in my reporting
or discussion, please do not hesitate to provide feedback. Your guidance is
greatly appreciated.

During my recent work, I used the sanitizer to inspect potential issues,
and I identified a small memory leak in the PCRE2 code section of Nginx.
While this issue does not seem to be critical, it could potentially disrupt
memory checking tools. To help you reproduce the problem, I have included a
minimal configuration below. Please note that this issue occurs when Nginx
is configured to use PCRE2, and the version is 1.22.1 or higher.

*Minimal Configuration for Reproduction:*
worker_processes  1;
daemon off;
master_process off;
error_log /home/zhenzhongw/code/pcre_pr/lua-nginx-module/t/servroot/logs/error.log debug;
pid /home/zhenzhongw/code/pcre_pr/lua-nginx-module/t/servroot/logs/nginx.pid;

http {
    access_log /home/zhenzhongw/code/pcre_pr/lua-nginx-module/t/servroot/logs/access.log;
    #access_log off;
    default_type text/plain;
    keepalive_timeout  68000ms;
    server {
        listen          1984;
        #placeholder
        server_name     'localhost';

        client_max_body_size 30M;
        #client_body_buffer_size 4k;

        # Begin preamble config...

        # End preamble config...

        # Begin test case config...

        location ~ '^/[a-d]$' {
            return 200;
        }
    }
}
events {
    accept_mutex off;

    worker_connections  64;
}

*nginx -V :*
nginx version: nginx/1.25.1 (no pool)
built by gcc 11.4.1 20230605 (Red Hat 11.4.1-2) (GCC)
built with OpenSSL 1.1.1u  30 May 2023
TLS SNI support enabled
configure arguments:
--prefix=/home/zhenzhongw/code/pcre_pr/lua-nginx-module/work/nginx
--with-threads --with-pcre-jit --with-ipv6
--with-cc-opt='-fno-omit-frame-pointer -fsanitize=address
-DNGX_LUA_USE_ASSERT -I/opt/pcre2/include -I/opt/ssl/include'
--with-http_v2_module --with-http_v3_module --with-http_realip_module
--with-http_ssl_module
--add-module=/home/zhenzhongw/code/pcre_pr/ndk-nginx-module
--add-module=/home/zhenzhongw/code/pcre_pr/set-misc-nginx-module
--with-ld-opt='-fsanitize=address -L/opt/pcre2/lib -L/opt/ssl/lib
-Wl,-rpath,/opt/pcre2/lib:/opt/drizzle/lib:/opt/ssl/lib'
--without-mail_pop3_module --without-mail_imap_module
--with-http_image_filter_module --without-mail_smtp_module --with-stream
--with-stream_ssl_module --without-http_upstream_ip_hash_module
--without-http_memcached_module --without-http_auth_basic_module
--without-http_userid_module --with-http_auth_request_module
--add-module=/home/zhenzhongw/code/pcre_pr/echo-nginx-module
--add-module=/home/zhenzhongw/code/pcre_pr/memc-nginx-module
--add-module=/home/zhenzhongw/code/pcre_pr/srcache-nginx-module
--add-module=/home/zhenzhongw/code/pcre_pr/lua-nginx-module
--add-module=/home/zhenzhongw/code/pcre_pr/lua-upstream-nginx-module
--add-module=/home/zhenzhongw/code/pcre_pr/headers-more-nginx-module
--add-module=/home/zhenzhongw/code/pcre_pr/drizzle-nginx-module
--add-module=/home/zhenzhongw/code/pcre_pr/rds-json-nginx-module
--add-module=/home/zhenzhongw/code/pcre_pr/coolkit-nginx-module
--add-module=/home/zhenzhongw/code/pcre_pr/redis2-nginx-module
--add-module=/home/zhenzhongw/code/pcre_pr/stream-lua-nginx-module
--add-module=/home/zhenzhongw/code/pcre_pr/lua-nginx-module/t/data/fake-module
--add-module=/home/zhenzhongw/code/pcre_pr/lua-nginx-module/t/data/fake-shm-module
--add-module=/home/zhenzhongw/code/pcre_pr/lua-nginx-module/t/data/fake-delayed-load-module
--with-http_gunzip_module --with-http_dav_module --with-select_module
--with-poll_module --with-debug --with-poll_module --with-cc=gcc

*The sanitizer tool reported the following error message:*
=================================================================
==555798==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 72 byte(s) in 1 object(s) allocated from:
    #0 0x7f502f6b4a07 in __interceptor_malloc (/lib64/libasan.so.6+0xb4a07)
    #1 0x4a1737 in ngx_alloc src/os/unix/ngx_alloc.c:22
    #2 0x525796 in ngx_regex_malloc src/core/ngx_regex.c:509
    #3 0x7f502f3e745e in _pcre2_memctl_malloc_8 (/opt/pcre2/lib/libpcre2-8.so.0+0x1145e)
    #4 0x5771ad in ngx_http_regex_compile src/http/ngx_http_variables.c:2555
    #5 0x536088 in ngx_http_core_regex_location src/http/ngx_http_core_module.c:3263
    #6 0x537f94 in ngx_http_core_location src/http/ngx_http_core_module.c:3115
    #7 0x46ba0a in ngx_conf_handler src/core/ngx_conf_file.c:463
    #8 0x46ba0a in ngx_conf_parse src/core/ngx_conf_file.c:319
    #9 0x5391ec in ngx_http_core_server src/http/ngx_http_core_module.c:2991
    #10 0x46ba0a in ngx_conf_handler src/core/ngx_conf_file.c:463
    #11 0x46ba0a in ngx_conf_parse src/core/ngx_conf_file.c:319
    #12 0x528e4c in ngx_http_block src/http/ngx_http.c:239
    #13 0x46ba0a in ngx_conf_handler src/core/ngx_conf_file.c:463
    #14 0x46ba0a in ngx_conf_parse src/core/ngx_conf_file.c:319
    #15 0x463f74 in ngx_init_cycle src/core/ngx_cycle.c:284
    #12 0x528e4c in ngx_http_block src/http/ngx_http.c:239
    #13 0x46ba0a in ngx_conf_handler src/core/ngx_conf_file.c:463
    #14 0x46ba0a in ngx_conf_parse src/core/ngx_conf_file.c:319
    #15 0x463f74 in ngx_init_cycle src/core/ngx_cycle.c:284
    #16 0x4300c7 in main src/core/nginx.c:295
    #17 0x7ff31a43feaf in __libc_start_call_main (/lib64/libc.so.6+0x3feaf)

SUMMARY: AddressSanitizer: 72 byte(s) leaked in 1 allocation(s).

*I have created a patch to address this memory leak issue, which I am
sharing below:*
diff --git a/src/core/ngx_regex.c b/src/core/ngx_regex.c
index 91381f499..71f583789 100644
--- a/src/core/ngx_regex.c
+++ b/src/core/ngx_regex.c
@@ -600,6 +600,8 @@ ngx_regex_cleanup(void *data)
      * the new cycle, these will be re-allocated.
      */

+    ngx_regex_malloc_init(NULL);
+
     if (ngx_regex_compile_context) {
         pcre2_compile_context_free(ngx_regex_compile_context);
         ngx_regex_compile_context = NULL;
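
Review bot: The ngx_regex_malloc_init(NULL) call added at the top of this block has no comment explaining why the argument is NULL, and the existing comment above it only covers re-allocation in the new cycle. Please add a short comment stating what NULL selects and why the allocator has to be set up before pcre2_compile_context_free() is called. The matching ngx_regex_malloc_done() is only added in the next hunk, so also confirm that no path leaves ngx_regex_cleanup() between the two calls.
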
@@ -611,6 +613,8 @@ ngx_regex_cleanup(void *data)
         ngx_regex_match_data_size = 0;
     }

+    ngx_regex_malloc_done();
+
 #endif
 }

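Review bot: ngx_regex_malloc_done() is added directly before #endif, while its ngx_regex_malloc_init(NULL) counterpart sits in the previous hunk and the opening preprocessor conditional is not visible in either hunk. Both calls need to be inside the same conditional so that no build configuration ends up with an unpaired init or done; please confirm that, or move the pair next to the frees it is meant to cover.
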
@@ -706,7 +710,13 @@ ngx_regex_module_init(ngx_cycle_t *cycle)
     ngx_regex_malloc_done();

     ngx_regex_studies = NULL;
+
 #if (NGX_PCRE2)
+    if (ngx_regex_compile_context) {
+        ngx_regex_malloc_init(NULL);
+        pcre2_compile_context_free(ngx_regex_compile_context);
+        ngx_regex_malloc_done();
+    }
     ngx_regex_compile_context = NULL;
 #endif

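Review bot: In ngx_regex_module_init() the new block frees ngx_regex_compile_context and the following line sets it to NULL, so the "if (ngx_regex_compile_context)" branch in ngx_regex_cleanup() from the first hunk will see NULL unless a context is created again afterwards. The commit message should say which of the two frees accounts for the 72-byte leak in the report and why both are needed. Style: the added blank line after "ngx_regex_studies = NULL;" is an unrelated whitespace change, and a blank line between the closing "}" and "ngx_regex_compile_context = NULL;" would match the spacing used in the other hunks.
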
I kindly request your assistance in reviewing this matter and considering
the patch for inclusion in Nginx. If you have any questions or need further
information, please feel free to reach out to me. Your expertise and
feedback are highly valuable in resolving this issue.

Thank you for your time and attention to this matter.

Best regards,
ZhenZhong