Re:Re: fix accidental corrdump

zjd
September 27, 2022 10:58PM
My module works like this:
The pool is created with ngx_create_pool in module_init_process; I get memory from the pool at the start of each request, and then use ngx_reset_pool at the end of each request.
The ngx_reset_pool takes each alloc pointer in pool->large and returns it to the pool, and each alloc pointer is a wild pointer.
And when another gets memory from the pool in the next request or the one after that..., I may get a wild pointer address and access inaccessible addresses, and then coredump.

Maybe the description was too simple in the last mail.

At 2022-09-28 04:51:55, "Maxim Dounin" <mdounin@mdounin.ru> wrote:
>Hello!
>
>On Tue, Sep 27, 2022 at 03:25:18PM +0800, zjd wrote:
>
>> # HG changeset patch
>> # User Zhang Jinde <zjd5536@163.com>
>> # Date 1664261587 -28800
>> # Tue Sep 27 14:53:07 2022 +0800
>> # Node ID 226a75a3703db612ed13d4357ac1b71faef6974a
>> # Parent ba5cf8f73a2d0a3615565bf9545f3d65216a0530
>> Core: fix ngx_reset_pool wild pointer's coredump
>>
>> When frequently using ngx_reset_pool and using memory from the same pool in a worker, an accidental coredump sometimes happens.
>>
>> diff -r ba5cf8f73a2d -r 226a75a3703d src/core/ngx_palloc.c
>> --- a/src/core/ngx_palloc.c Thu Sep 08 13:53:49 2022 +0400
>> +++ b/src/core/ngx_palloc.c Tue Sep 27 14:53:07 2022 +0800
>> @@ -105,6 +105,7 @@
>> for (l = pool->large; l; l = l->next) {
>> if (l->alloc) {
>> ngx_free(l->alloc);
>> + l->alloc = NULL;
>> }
>> }
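Review bot: the added `l->alloc = NULL;` only clears the pool's own list entry after `ngx_free(l->alloc)`; a pointer that calling code kept to the same block is not touched by it and still points at freed memory, so as written this does not help a caller that uses an allocation across a reset. The commit message should name the code path that reads `l->alloc` after this loop, ideally with a reproducer; if there is no such path, the fix belongs in the caller, which should drop its pointers before calling ngx_reset_pool().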
>
>Could you please clarify what you are trying to fix here?
>
>From the description it looks like your module tries to use memory
>already freed by ngx_reset_pool(). If that's the case, the
>coredumps you are observing aren't accidental, but rather an expected
>result of the use-after-free bug in your module.
>
>--
>Maxim Dounin
>http://mdounin.ru/
>_______________________________________________
>nginx mailing list -- nginx@nginx.org
>To unsubscribe send an email to nginx-leave@nginx.org
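The lifetime rule at issue in this thread, as an added example (not code from the thread or from nginx): a toy pool whose reset frees its large blocks, and a hypothetical module that drops its own pointer before the reset and allocates again at the start of the next request. `pool_t`, `module_ctx_t`, `request_begin`, `request_end` and `run_cycles` are assumed names, and the toy keeps its list headers on the heap for simplicity.

```c
#include <stdlib.h>
typedef struct large_s { void *alloc; struct large_s *next; } large_t;
typedef struct { large_t *large; } pool_t;   /* toy pool, not ngx_pool_t */
typedef struct { pool_t pool; char *buf; } module_ctx_t; /* hypothetical */

static void *pool_alloc_large(pool_t *p, size_t n) {
    large_t *l = malloc(sizeof(*l));
    if (l == NULL) return NULL;
    if ((l->alloc = calloc(1, n)) == NULL) { free(l); return NULL; }
    l->next = p->large;
    p->large = l;
    return l->alloc;
}

/* Frees every large block: each pointer handed out earlier is invalid now. */
static void pool_reset(pool_t *p) {
    large_t *l, *next;
    for (l = p->large; l; l = next) {
        next = l->next;
        free(l->alloc);
        free(l);
    }
    p->large = NULL;
}

/* Request start: take a fresh buffer; refuse to run over a leftover one. */
static int request_begin(module_ctx_t *ctx, size_t len) {
    if (ctx->buf != NULL) return -1;   /* previous request was never ended */
    ctx->buf = pool_alloc_large(&ctx->pool, len);
    return ctx->buf ? 0 : -1;
}

/* Request end: drop the module's own reference first, then reset the pool. */
static void request_end(module_ctx_t *ctx) {
    ctx->buf = NULL;
    pool_reset(&ctx->pool);
}

/* Runs n request cycles; returns how many ended with no stale reference. */
static int run_cycles(module_ctx_t *ctx, int n, size_t len) {
    int ok = 0;
    for (int i = 0; i < n; i++) {
        if (request_begin(ctx, len) != 0) break;
        ctx->buf[len - 1] = 'A';       /* valid only between begin and end */
        request_end(ctx);
        ok += (ctx->buf == NULL && ctx->pool.large == NULL);
    }
    return ok;
}
```

The context must start zero-initialized and `len` must be at least 1; building with AddressSanitizer and removing the `ctx->buf = NULL;` line while reusing the old pointer shows the failure the thread describes.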