Opened 7 years ago
Closed 7 years ago
#1618 closed defect (fixed)
Potential infinity cycle in ngx_http_upstream_send_request_body()
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | nginx-core | Version: | 1.15.x |
| Keywords: | Cc: | razmyslov@… | |
| uname -a: | |||
| nginx -V: | Mercurial default branch. | ||
Description
I have found a bug using PVS-Studio static analyzer for C/C++/C#.
V1021 The 'cl' variable is assigned the same value on several loop iterations. ngx_http_upstream.c 2138
if (r->request_body->bufs) {
for (cl = out; cl->next; cl = out->next) { /* void */ } // <= bug
cl->next = r->request_body->bufs;
r->request_body->bufs = NULL;
}
Corrected code:
for (cl = out; cl->next; cl = cl->next) { /* void */ }
Change History (4)
comment:1 by , 7 years ago
| Status: | new → accepted |
|---|
comment:2 by , 7 years ago
| Priority: | critical → minor |
|---|
comment:4 by , 7 years ago
| Resolution: | → fixed |
|---|---|
| Status: | accepted → closed |
Note:
See TracTickets
for help on using tickets.
Thanks for reporting.
Looks like currently chain link is a single item in this place, so nothing bad happens
in vanilla nginx.