Opened 7 years ago

Closed 7 years ago

#511 closed defect (invalid)

Shared Memory Add Segfaults on Small Sizes

Reported by: Scott Owned by:
Priority: minor Milestone:
Component: nginx-core Version: 1.5.x
Keywords: Cc:
uname -a: Darwin ... 13.0.0 Darwin Kernel Version 13.0.0: Thu Sep 19 22:22:27 PDT 2013; root:xnu-2422.1.72~6/RELEASE_X86_64 x86_64
nginx -V: nginx version: nginx/1.5.7
built by clang 5.0 (clang-500.2.79) (based on LLVM 3.3svn)
configure arguments: --without-http_rewrite_module --prefix=... --add-module=...

Description

If I call ngx_shared_memory_add() from within a module directive's custom set method with a size of less than 120 but greater than 0 I get a segmentation fault at ngx_slab.c:111 (assumedly because pages is very large).

Change History (2)

comment:1 by Ruslan Ermilov, 7 years ago

120 is the size of ngx_slab_pool_t which is located at the top of shared memory. If you specify size less than it,

    p = (u_char *) pool + sizeof(ngx_slab_pool_t);
    size = pool->end - p;

    ngx_slab_junk(p, size);

size will be "negative" (extra large). Usually the code in nginx limits the minimum shmem size to several memory pages.

comment:2 by Maxim Dounin, 7 years ago

Resolution: invalid
Status: newclosed
Note: See TracTickets for help on using tickets.