zero size buf in output(Bug?)
Andrey Feldman
pr1 at pr1.ru
Tue Oct 9 22:07:43 UTC 2012
Tried your patch, but after few minutes workers starts crashing.
GDB:
Core was generated by `nginx: worker process '.
Program terminated with signal 11, Segmentation fault.
#0 0x000000000040ab19 in ngx_vslprintf (buf=0x7fff9e5f2785 <Address
0x7fff9e5f2785 out of bounds>,
last=0x7fff9e5f2f50 <Address 0x7fff9e5f2f50 out of bounds>,
fmt=<value optimized out>, args=0x7fff9e5f2730) at src/core/ngx_string.c:178
178 while (*fmt >= '0' && *fmt <= '9') {
On 10/09/2012 11:36 PM, Maxim Dounin wrote:
> Thank you for report. From debug log it's more or less clear what
> goes on here, it indeed affects HEAD (as well as other header
> only) requests while loading cache entry.
>
> I'm able to reproduce it here with the following config:
>
> location = /proxy {
> proxy_pass http://127.0.0.1:8080/10m;
> proxy_cache one;
> proxy_cache_valid any 5s;
> sendfile off;
> output_buffers 1 1024;
> }
>
> It's more or less harmless (i.e. no bad things happen, worst one
> is log entry).
>
> Quick fix would be to do something like this:
>
> --- a/src/http/ngx_http_upstream.c
> +++ b/src/http/ngx_http_upstream.c
> @@ -2075,6 +2075,8 @@ ngx_http_upstream_send_response(ngx_http
> r->write_event_handler = ngx_http_request_empty_handler;
> c->error = 1;
>
> + u->pipe->downstream_error = 1;
> +
> } else {
> ngx_http_upstream_finalize_request(r, u, rc);
> return;
>
> Though it probably needs more attention. I'll take a look as time
> permits.
>
More information about the nginx
mailing list