id,summary,reporter,owner,description,type,status,priority,milestone,component,version,resolution,keywords,cc,uname,nginx_version 1263,Segmentation Fault when SSI is used in sub-request,peter.magdina.sk@…,,"Hi, nginx worker process crashes with segfault when SSI is used in a sub-request. Config example: {{{ location /loc1.html { add_after_body /loc2.html; } location /loc2.html { ssi on; } }}} Seg fault happens only when I access /loc1.html location. When I access /loc2.html directly it works fine. Error log: {{{ ==> ../log/error.log <== 2017/05/03 18:47:10 [alert] 14548#23345880: worker process 14566 exited on signal 11 2017/05/03 18:47:10 [alert] 14548#23345880: worker process 14573 exited on signal 11 }}} Just FYI, content of loc1.html: {{{

Hi from location 1 !

}}} content of loc2.html: {{{

Hi from location 2 on !

}}} I tried to debug it and fix it, but due to the time I stopped here: file ngx_http_ssi_filter_module.c: {{{ static ngx_str_t * ngx_http_ssi_get_variable(ngx_http_request_t *r, ngx_str_t *name, ngx_uint_t key) { ngx_uint_t i; ngx_list_part_t *part; ngx_http_ssi_var_t *var; ngx_http_ssi_ctx_t *ctx; ctx = ngx_http_get_module_ctx(r->main, ngx_http_ssi_filter_module); ... }}} ctx is NULL. SSI context is missing when SSI is called in a subrequest. And then the subsequent code will cause segfault, because ctx is NULL: {{{ if (ctx->variables == NULL) { return NULL; } }}} I added some additional debug logs to the code around the ctx = ngx_http_get_module_ctx(....) line. And this is the output: {{{ 2017/05/03 18:47:10 [debug] 16787#8822579: *3 ssi ngx_http_ssi_get_variable r->main: 00007FE3FC006E50 2017/05/03 18:47:10 [debug] 16787#8822579: *3 ssi ngx_http_ssi_get_variable r->main->ctx: 00007FE3FC007770, module.ctx_index: 46 2017/05/03 18:47:10 [debug] 16787#8822579: *3 ssi ngx_http_ssi_get_variable ctx: 0000000000000000 }}} Cheers Peter Magdina ",defect,closed,major,,nginx-module,1.11.x,fixed,,,Darwin xxxxxx.local 16.5.0 Darwin Kernel Version 16.5.0: Fri Mar 3 16:52:33 PST 2017; root:xnu-3789.51.2~3/RELEASE_X86_64 x86_64,"nginx version: nginx/1.12.0 built by clang 8.1.0 (clang-802.0.41) built with OpenSSL 1.1.0e 16 Feb 2017 TLS SNI support enabled configure arguments: --with-cc-opt='-O2 -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' --add-module=spnego-http-auth-nginx-module-master --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-mail --with-mail_ssl_module --with-http_v2_module --with-threads --with-http_slice_module --user=nginx --group=nginx --prefix=/opt/nginx --error-log-path=/opt/nginx/log/error.log --http-log-path=/opt/nginx/log/access.log --pid-path=/opt/nginx/run/nginx.pid --lock-path=/opt/nginx/run/nginx --http-client-body-temp-path=/opt/nginx/cache/client --http-proxy-temp-path=/opt/nginx/cache/proxy --http-fastcgi-temp-path=/opt/nginx/cache/fastcgi --http-uwsgi-temp-path=/opt/nginx/cache/uwsgi --http-scgi-temp-path=/opt/nginx/cache/scgi"