Welcome! Log In Create A New Profile

Advanced

Re: bug report for nginx version: nginx/1.3.6

Previous Message Next Message
Forum List Message List New Topic Print View
Maxim Dounin
October 05, 2012 06:10AM
Hello!

On Fri, Oct 05, 2012 at 04:05:42PM +0800, Wang Tiefeng wrote:

> Hi!
> When buf > last - 50, buf (= last - 50) is an invalid memory address.
> And the follow lines write on this invalid memoy. AIthough, bufs for log
> in nginx are all bigger than 50, the function does not depend on this. At
> least , I think this funciton is not robust。

As I already said, the code depends on the buffer being at least
50 bytes long. Much like the other fact that the "last" pointer
should mark buffer end.

As long as the function is used correctly - there is no problem.
If it's used incorrectly (i.e. with buffer less than 50 bytes
long) - there will be a problem, but not in a function itself, but
in the code which uses it incorrectly.

Maxim Dounin

>
>
> 2012/10/4 Maxim Dounin <mdounin@mdounin.ru>
>
> > Hello!
> >
> > On Thu, Oct 04, 2012 at 06:42:42PM +0800, Wang Tiefeng wrote:
> >
> > > Recently,I start to read nginx source code.
> > > I chose nginx/1.3.6 a relatively new version。
> > >
> > > When I read file ngx_log.c, the function ngx_log_errno() confused me .
> > >
> > > There may be some bugs in the following codes :
> > > 238 if (buf > last - 50) {
> > > 239
> > > 240 /* leave a space for an error code */
> > > 241
> > > 242 buf = last - 50;
> > > 243 *buf++ = '.';
> > > 244 *buf++ = '.';
> > > 245 *buf++ = '.';
> > > 246 }
> > >
> > > Althoug,I am not sure about my judgment,valgrind reports invalid write on
> > > line 243.
> >
> > See no problem here. The code depends on the fact that the buffer
> > used for printing errors is at least 50 bytes long, and the "last"
> > pointer marks it's end, but it looks perfectly safe as long as
> > ngx_log_errno() is used correctly.
> >
> > --
> > Maxim Dounin
> > http://nginx.com/support.html
> >
> > _______________________________________________
> > nginx-devel mailing list
> > nginx-devel@nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx-devel

> _______________________________________________
> nginx-devel mailing list
> nginx-devel@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel


--
Maxim Dounin
http://nginx.com/support.html

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Reply Quote
RSS
Subject Author Views Posted

bug report for nginx version: nginx/1.3.6

Wang Tiefeng 1151 October 04, 2012 06:44AM

Re: bug report for nginx version: nginx/1.3.6

Maxim Dounin 532 October 04, 2012 11:10AM

Re: bug report for nginx version: nginx/1.3.6

Wang Tiefeng 471 October 05, 2012 04:06AM

Re: bug report for nginx version: nginx/1.3.6

Maxim Dounin 591 October 05, 2012 06:10AM

Re: bug report for nginx version: nginx/1.3.6

Vladimir Shebordaev 582 October 05, 2012 07:32AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 111
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready