Nginx 1.0.5 in windows heap corruption

Maxim Dounin mdounin at mdounin.ru
Sun Aug 21 16:31:49 UTC 2011


Hello!

On Sun, Aug 21, 2011 at 12:07:06PM -0400, hydra wrote:

> Hi,
>    When I use Nginx 1.0.5 on Windows, it shows a message box with
> information that there is heap corruption.
>    I used Visual Studio to debug it and found that it is in
> src/os/win32/ngx_file.c line 224 ngx_win32_rename_file().
>    When I do it like this:
>
> ngx_err_t
> ngx_win32_rename_file(ngx_str_t *from, ngx_str_t *to, ngx_log_t *log)
> {
>     u_char             *name;
>     ngx_err_t           err;
>     ngx_uint_t          collision;
>     ngx_atomic_uint_t   num;
>     size_t              size;
> 
>     size = to->len + 1 + 10 + 1 + sizeof("DELETE") + 1;

Thank you for the report.  It looks like "10" here should instead 
be NGX_ATOMIC_T_LEN.

Could you please test the following patch?

diff --git a/src/os/win32/ngx_files.c b/src/os/win32/ngx_files.c
--- a/src/os/win32/ngx_files.c
+++ b/src/os/win32/ngx_files.c
@@ -228,7 +228,8 @@ ngx_win32_rename_file(ngx_str_t *from, n
     ngx_uint_t          collision;
     ngx_atomic_uint_t   num;

-    name = ngx_alloc(to->len + 1 + 10 + 1 + sizeof("DELETE"), log);
+    name = ngx_alloc(to->len + 1 + NGX_ATOMIC_T_LEN + 1 + sizeof("DELETE"),
+                     log);
     if (name == NULL) {
         return NGX_ENOMEM;
     }
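
Review bot: The size passed to ngx_alloc() in the added lines still spells out the buffer layout as bare terms (to->len + 1 + NGX_ATOMIC_T_LEN + 1 + sizeof("DELETE")), with nothing saying which byte each "+ 1" pays for, and sizeof("DELETE") already counts a terminating NUL. The code that writes into name is outside this hunk, so whether this size matches what is written cannot be checked from these lines, and that kind of mismatch is what the report attributes to the old literal 10 for a num declared as ngx_atomic_uint_t. Suggest a short comment listing the pieces of the name, or computing the length once into a named variable and handing the same value to a bounded formatter, so the allocation and the write cannot drift apart again.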


Maxim Dounin


