#1333 closed defect (invalid)
Crashes in timer code when ngx_log_debug is on
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | nginx-core | Version: | 1.13.x |
| Keywords: | Cc: | ||
| uname -a: | Linux lbrouk2-c09380ed 3.13.0-108.155-generic #apcera1 SMP Sun Jan 22 01:41:15 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux | ||
| nginx -V: | nginx/1.12.1 (same in 1.13.3) | ||
Description
There is now code that looks like
https://github.com/nginx/nginx/blob/6454225872c058c2705fc1e207ce4bb503b2e12a/src/event/ngx_event_timer.h#L69-L71
ngx_log_debug3(NGX_LOG_DEBUG_EVENT, ...ngx_event_ident(ev->data), ...);
ngx_event_ident takes an ngx_connection*, we use timers with custom data pointers in our code, not tied to a specific connection, so the above line crashes in debug mode.
There are several other instances of this, easily greppable
Change History (3)
comment:1 by , 8 years ago
comment:2 by , 8 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
The ev->data field is expected to contain ngx_connection_t or a structure compatible with it for ngx_event_data(). For example, ngx_open_file_cache_event_t does the following:
typedef struct {
/* ngx_connection_t stub to allow use c->fd as event ident */
void *data;
ngx_event_t *read;
ngx_event_t *write;
ngx_fd_t fd;
...
} ngx_open_file_cache_event_t;
and here is a quote from resolver code:
struct ngx_resolver_s {
/* has to be pointer because of "incomplete type" */
ngx_event_t *event;
void *dummy;
ngx_log_t *log;
/* event ident must be after 3 pointers as in ngx_connection_t */
ngx_int_t ident;
...
While this may be non-intuitive and not convenient in some cases, this is how it works. If your module does not provide appropriate ev->data, an obvious solution would be to fix the module.
This ticket reminds me an old joke: “The patient says "Doctor, it hurts when I do this." "Then don't do that!"”