Welcome! Log In Create A New Profile

[PATCH 0 of 2] Two allocation failure path errors

Forum List Message List New Topic Print View

Markus Linnala

August 17, 2014 04:02PM

I've found two of allocation failure path problems with clear way to
test them.

ngx_regex_compile logs uninitialized memory if allocation
fails. Mark error message as zero length to prevent errors.
Example valgrind output of a case when usin nginx-test rewrite.t:

src/core/ngx_regex.c
150 rc->regex = NULL; // ngx_pcalloc(rc->pool, sizeof(ngx_regex_t));

==20818== Syscall param write(buf) points to uninitialised byte(s)
==20818== at 0x3EEB00E800: __write_nocancel (in /usr/lib64/libpthread-2.18.so)
==20818== by 0x404B1F: ngx_log_error_core (ngx_files.h:147)
==20818== by 0x412AD3: ngx_conf_log_error (ngx_conf_file.c:936)
==20818== by 0x43CF37: ngx_http_regex_compile (ngx_http_variables.c:2312)
==20818== by 0x45F980: ngx_http_rewrite (ngx_http_rewrite_module.c:337)
==20818== by 0x4135C0: ngx_conf_parse (ngx_conf_file.c:391)
==20818== by 0x42A080: ngx_http_core_location (ngx_http_core_module.c:3286)
==20818== by 0x4135C0: ngx_conf_parse (ngx_conf_file.c:391)
==20818== by 0x42A2BB: ngx_http_core_server (ngx_http_core_module.c:3058)
==20818== by 0x4135C0: ngx_conf_parse (ngx_conf_file.c:391)
==20818== by 0x425C52: ngx_http_block (ngx_http.c:239)
==20818== by 0x4135C0: ngx_conf_parse (ngx_conf_file.c:391)
==20818== Address 0xffeffd955 is on thread 1's stack
==20818==

And there is emerg message with cleary uninitialized memory.

Allocating etags can fail and we still print it when sending
Internal Server Error message because we set hash to 1 before
failing allocation. This can be tested with not_modified.t from
nginx-tests. Exceprt error message when allocation fails:

src/http/ngx_http_core_module.c
1838 etag->value.data = NULL; // ngx_pnalloc(r->pool, NGX_OFF_T_LEN + NGX_TIME_T_LEN + 3);

# 'HTTP/1.1 500 Internal Server Error
# Server: nginx/1.7.5
# Date: Sun, 17 Aug 2014 19:30:15 GMT
# Content-Type: text/html
# Content-Length: 192
# Connection: close
# ETag:
#
# <html>
# <head><title>500 Internal Server Error</title></head>
# <body bgcolor="white">
# <center><h1>500 Internal Server Error</h1></center>
# <hr><center>nginx/1.7.5</center>
# </body>
# </html>
# '

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Reply Quote

RSS

Subject	Author	Views	Posted
[PATCH 0 of 2] Two allocation failure path errors	Markus Linnala	639	August 17, 2014 04:02PM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 177

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018