Opened 12 years ago
Closed 12 years ago
#369 closed defect (fixed)
Valgrind warning for using unititialised bytes when writing cache file
Reported by: | markus-linnala.myopenid.com | Owned by: | Maxim Dounin |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | nginx-core | Version: | 1.2.x |
Keywords: | valgrind proxy | Cc: | |
uname -a: | Linux workstation 3.6.11-4.fc16.x86_64 #1 SMP Tue Jan 8 20:57:42 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux | ||
nginx -V: |
nginx version: nginx/1.2.9 (no pool)
built by gcc 4.6.3 20120306 (Red Hat 4.6.3-2) (GCC) configure arguments: --prefix=/home/maage/nginx --with-debug |
Description
% valgrind --tool=memcheck --track-origins=yes --malloc-fill=7E ~/nginx/sbin/nginx -p $(pwd)/t/servroot/ -c $(pwd)/t/servroot/conf/nginx.conf ==3476== Memcheck, a memory error detector ==3476== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al. ==3476== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright info ==3476== Command: /home/maage/nginx/sbin/nginx -p /home/maage/a/nginx-1.2.9/t/servroot/ -c /home/maage/a/nginx-1.2.9/t/servroot/conf/nginx.conf ==3476== ==3476== Syscall param pwrite64(buf) points to uninitialised byte(s) ==3476== at 0x3B1980EEF3: __pwrite_nocancel (in /lib64/libpthread-2.14.90.so) ==3476== by 0x41DBD0: ngx_write_file (ngx_files.c:80) ==3476== by 0x41DDB9: ngx_write_chain_to_file (ngx_files.c:209) ==3476== by 0x40AB7E: ngx_write_chain_to_temp_file (ngx_file.c:36) ==3476== by 0x41C04A: ngx_event_pipe_write_chain_to_temp_file (ngx_event_pipe.c:753) ==3476== by 0x41D351: ngx_event_pipe (ngx_event_pipe.c:441) ==3476== by 0x43F23D: ngx_http_upstream_process_upstream (ngx_http_upstream.c:2663) ==3476== by 0x4411E3: ngx_http_upstream_process_header (ngx_http_upstream.c:2362) ==3476== by 0x43F3A4: ngx_http_upstream_handler (ngx_http_upstream.c:949) ==3476== by 0x422EC1: ngx_epoll_process_events (ngx_epoll_module.c:683) ==3476== by 0x41A1F9: ngx_process_events_and_timers (ngx_event.c:247) ==3476== by 0x42275A: ngx_single_process_cycle (ngx_process_cycle.c:315) ==3476== Address 0x4c7bb72 is 34 bytes inside a block of size 4,096 alloc'd ==3476== at 0x4A074CD: malloc (vg_replace_malloc.c:236) ==3476== by 0x41D955: ngx_alloc (ngx_alloc.c:22) ==3476== by 0x40521D: ngx_malloc (ngx_palloc.c:119) ==3476== by 0x405267: ngx_palloc (ngx_palloc.c:140) ==3476== by 0x4405AF: ngx_http_upstream_process_header (ngx_http_upstream.c:1538) ==3476== by 0x43F3A4: ngx_http_upstream_handler (ngx_http_upstream.c:949) ==3476== by 0x422EC1: ngx_epoll_process_events (ngx_epoll_module.c:683) ==3476== by 0x41A1F9: ngx_process_events_and_timers (ngx_event.c:247) ==3476== by 0x42275A: ngx_single_process_cycle (ngx_process_cycle.c:315) ==3476== by 0x4040E3: main (nginx.c:409) ==3476== Uninitialised value was created by a heap allocation ==3476== at 0x4A074CD: malloc (vg_replace_malloc.c:236) ==3476== by 0x41D955: ngx_alloc (ngx_alloc.c:22) ==3476== by 0x40521D: ngx_malloc (ngx_palloc.c:119) ==3476== by 0x405267: ngx_palloc (ngx_palloc.c:140) ==3476== by 0x4405AF: ngx_http_upstream_process_header (ngx_http_upstream.c:1538) ==3476== by 0x43F3A4: ngx_http_upstream_handler (ngx_http_upstream.c:949) ==3476== by 0x422EC1: ngx_epoll_process_events (ngx_epoll_module.c:683) ==3476== by 0x41A1F9: ngx_process_events_and_timers (ngx_event.c:247) ==3476== by 0x42275A: ngx_single_process_cycle (ngx_process_cycle.c:315) ==3476== by 0x4040E3: main (nginx.c:409) ==3476==
Config:
worker_processes 1; daemon off; master_process off; http { proxy_cache_path /tmp/ngx_cache keys_zone=test_cache:10m; proxy_temp_path /tmp/ngx_temp 1 2; server { listen 1984; server_name _; client_max_body_size 30M; location /proxy { proxy_pass $scheme://127.0.0.1:$server_port/etc/issue; proxy_cache test_cache; proxy_cache_valid 1h; } location = /etc/issue { root /; } } } events { worker_connections 64; }
As I look cachefile, there is six '~' chars (7E above) at the end of first line. You need to have clear cache to see the warning.
This is because writing members of struct ngx_http_file_cache_header_t does not fill its size fully. And therefore nginx writes unitialised bytes at the end of the ngx_http_file_cache_header_t.
With this patch I can silence warning.
--- src/http/ngx_http_file_cache.c- 2013-06-04 21:55:09.000000000 +0300 +++ src/http/ngx_http_file_cache.c 2013-06-04 21:55:44.000000000 +0300 @@ -873,6 +873,8 @@ ngx_http_file_cache_set_header(ngx_http_ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http file cache set header"); + ngx_memzero(h, sizeof(ngx_http_file_cache_header_t)); + c = r->cache; h->valid_sec = c->valid_sec;
Change History (2)
comment:1 by , 12 years ago
Owner: | set to |
---|---|
Status: | new → assigned |
comment:2 by , 12 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Fixed by 711fa02afae8, thanks for prodding this.
Note:
See TracTickets
for help on using tickets.
Yes, thanks, I have patch sitting here to silence some false-positive valgrind warnings, including this one.