fix accidental coredump
Maxim Dounin
mdounin at mdounin.ru
Fri Sep 30 12:06:36 UTC 2022
Hello!

On Fri, Sep 30, 2022 at 12:07:47PM +0800, zjd wrote:

> If I disturb everyone, I'm sorry.
>
> l->alloc's own address (&l->alloc) in the pool can be reused,
> rather than l->alloc pointing to a wild address; &l->alloc returns
> to the pool.
> And I tried to use only large memory in Maxim's way, but it does not
> coredump. Because the coredump is accidental, not coredumping may be
> reasonable. If l->alloc is not set to NULL after free, the places
> that use ngx_palloc or ngx_array_push etc. need memzero to
> avoid a wild pointer after using ngx_reset_pool.

The ngx_palloc() and ngx_array_push() are expected to return
allocated, but uninitialized memory, much like normal malloc().
The returned memory needs to be initialized before use.

If you need zeroed memory, you can either use ngx_calloc(), which
explicitly initializes all allocated bytes to zero, much like
calloc(), or clear the memory yourself with ngx_memzero().

Compiling nginx with NGX_DEBUG_PALLOC and using your OS malloc
options to debug memory should help to catch memory access bugs,
and using uninitialized memory in particular. When using Linux,
see [1], notably MALLOC_CHECK_ and MALLOC_PERTURB_ environment
variables (note that you may need to use env [2] to pass these to
worker processes).

Alternatively, you may consider using various tools, such as
Address Sanitizer, Memory Sanitizer, and Valgrind. These may
need some effort to make them work correctly, though they should
catch most of the possible bugs, including out-of-bounds accesses
and uninitialized memory accesses (see, for example, [3]).

Hope this helps.

[1] https://man7.org/linux/man-pages/man3/mallopt.3.html
[2] http://nginx.org/r/env
[3] https://developers.redhat.com/blog/2021/05/05/memory-error-checking-in-c-and-c-comparing-sanitizers-and-valgrind

--
Maxim Dounin
http://mdounin.ru/
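An added illustration of the allocator contract described in the reply above (not nginx code and not the thread's patch): a toy arena stands in for ngx_palloc()/ngx_pcalloc()/ngx_reset_pool(), and shows why a pointer field in a fresh, unzeroed allocation taken after a pool reset can still carry the value written before the reset, while the zeroing variant does not. The names toy_palloc, toy_pcalloc, toy_reset_pool and stale_pointer_survives are assumptions made for this example.

```c
/* Added example (not nginx code): a tiny arena that mimics the
 * ngx_palloc()/ngx_reset_pool() contract: allocations come back
 * uninitialized, and a reset makes the same bytes reusable. */
#include <stddef.h>
#include <string.h>

#define POOL_SIZE 256

typedef struct {
    _Alignas(16) unsigned char data[POOL_SIZE];  /* backing storage */
    size_t used;                                  /* bytes handed out */
} toy_pool_t;

/* Like ngx_palloc(): hand out the next chunk, leaving its contents as-is. */
static void *toy_palloc(toy_pool_t *p, size_t n)
{
    n = (n + 7) & ~(size_t)7;                    /* 8-byte alignment */
    if (p->used + n > POOL_SIZE) return NULL;
    void *ptr = p->data + p->used;
    p->used += n;
    return ptr;
}

/* Like ngx_pcalloc(): same chunk, but zeroed before it is returned. */
static void *toy_pcalloc(toy_pool_t *p, size_t n)
{
    void *ptr = toy_palloc(p, n);
    if (ptr) memset(ptr, 0, n);
    return ptr;
}

/* Like ngx_reset_pool(): forget every allocation, keep the old bytes. */
static void toy_reset_pool(toy_pool_t *p) { p->used = 0; }

typedef struct { void *alloc; } toy_list_t;      /* the l->alloc of the thread */

/* Returns 1 if an allocation taken after the reset still carries the
 * stale pointer written before it (the "wild pointer" in the thread),
 * 0 otherwise. zeroed selects toy_pcalloc() instead of toy_palloc(). */
int stale_pointer_survives(int zeroed)
{
    static toy_pool_t pool;
    toy_reset_pool(&pool);
    int marker;                                  /* a stack object to point at */
    toy_list_t *l = toy_palloc(&pool, sizeof *l);
    l->alloc = &marker;                          /* valid while marker is in scope */
    toy_reset_pool(&pool);                       /* l is now conceptually freed */
    toy_list_t *l2 = zeroed ? toy_pcalloc(&pool, sizeof *l2)
                            : toy_palloc(&pool, sizeof *l2);
    return l2->alloc == (void *)&marker;         /* compare only, never dereference */
}
```

With MALLOC_PERTURB_ set, glibc malloc fills freed and fresh blocks with a pattern so that the unzeroed path reads garbage rather than a plausible old pointer, which is what makes the bug reproducible instead of accidental.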