details: https://hg.nginx.org/nginx/rev/011f5ebdb928
branches:
changeset: 8007:011f5ebdb928
user: Maxim Dounin <mdounin@mdounin.ru>
date: Thu Feb 03 22:46:01 2022 +0300
description:
HTTP/2: fixed closed_nodes overflow (ticket #1708).

With large http2_max_concurrent_streams or http2_max_concurrent_pushes, more
than 255 ngx_http_v2_node_t structures might be allocated, eventually leading
to h2c->closed_nodes overflow when closing corresponding streams. This will
in turn result in additional allocations in ngx_http_v2_get_node_by_id().

While mostly harmless, it can result in excessive memory usage by a HTTP/2
connection, notably in configurations with many keepalive_requests allowed.
Fix is to use ngx_uint_t for h2c->closed_nodes instead of unsigned:8.

diffstat:

src/http/v2/ngx_http_v2.h | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diffs (17 lines):

diff -r 32b0ba4855a6 -r 011f5ebdb928 src/http/v2/ngx_http_v2.h
--- a/src/http/v2/ngx_http_v2.h Thu Feb 03 01:44:38 2022 +0300
+++ b/src/http/v2/ngx_http_v2.h Thu Feb 03 22:46:01 2022 +0300
@@ -153,12 +153,12 @@ struct ngx_http_v2_connection_s {
ngx_queue_t dependencies;
ngx_queue_t closed;

+ ngx_uint_t closed_nodes;
ngx_uint_t last_sid;
ngx_uint_t last_push;

time_t lingering_time;

- unsigned closed_nodes:8;
unsigned settings_ack:1;
unsigned table_update:1;
unsigned blocked:1;
_______________________________________________
nginx-devel mailing list -- nginx-devel@nginx.org
To unsubscribe send an email to nginx-devel-leave@nginx.org