Hello!

On Fri, Sep 30, 2022 at 12:07:47PM +0800, zjd wrote:

> If disturb everyone, I'm sorry.
>
> l->alloc itself address(&l->alloc) in the pool can be reused
> rather than l->alloc pointer to wild address, &l->alloc return
> to pool.
> And I try only use large memory with Maxim's way, but it's not
> coredump. Because coredump is accident, not coredump maybe be
> reasonable. if l->alloc is not setted NULL after free, the place
> where use ngx_palloc or ngx_array_push etc, need memzero to
> avoid wild pointer after use ngx_reset_pool.

The ngx_palloc() and ngx_array_push() are expected to return
allocated, but uninitialized memory, much like normal malloc().
The returned memory needs to be initialized before use.

If you need zeroed memory, you can either use ngx_calloc(), which
explicitly initializes all allocated bytes to zero, much like
calloc(), or clear the memory yourself with ngx_memzero().

Compiling nginx with NGX_DEBUG_PALLOC and using your OS malloc
options to debug memory should help to catch memory access bugs,
and using uninitialized memory in particular. When using Linux,
see [1], notably MALLOC_CHECK_ and MALLOC_PERTURB_ environment
variables (note that you may need to use env[2] to pass these to
worker processes).

Alternatively, you may consider using various tools, such as
Address Sanitizer, Memory Sanitizer, and Valgrind. These may
need some effort to make them work correctly, though should should
catch most of the possible bugs, including out-of-bounds accesses
and uninitialized memory accesses (see, for example, [3]).

Hope this helps.

[1] https://man7.org/linux/man-pages/man3/mallopt.3.html
[2] http://nginx.org/r/env
[3] https://developers.redhat.com/blog/2021/05/05/memory-error-checking-in-c-and-c-comparing-sanitizers-and-valgrind

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list -- nginx@nginx.org
To unsubscribe send an email to nginx-leave@nginx.org