Opened 10 years ago
Last modified 2 years ago
#600 closed defect
segfault in ngx_http_get_variable() — at Initial Version
| Reported by: | Xiaochen Wang | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | nginx-core | Version: | |
| Keywords: | Cc: | ||
| uname -a: | Linux *** 2.6.18-164.el5 #1 SMP Tue Aug 18 15:51:48 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux | ||
| nginx -V: |
nginx version: nginx/1.7.2
built by gcc 4.1.2 20080704 (Red Hat 4.1.2-52) |
||
Description
easy to reproduce:
- nginx configure:
location / {
set $sent_http_foo "bar";
ssi on;
root html;
}
- The content of html/index.html is '<!--#echo var="sent_http_foo" -->'
- Requesting uri /index.html will trigger the segfault
coredump backtrace:
(gdb) bt
#0 0x0000000000000000 in ?? ()
#1 0x0000000000438555 in ngx_http_get_variable (r=0xbe87f0, name=<value optimized out>, key=<value optimized out>) at src/http/ngx_http_variables.c:565
#2 0x000000000044b50f in ngx_http_ssi_echo (r=0xbe87f0, ctx=0xbe9ab8, params=0x7fff6d998cb0) at src/http/modules/ngx_http_ssi_filter_module.c:2262
...
(gdb) frame 1
#1 0x0000000000438555 in ngx_http_get_variable (r=0xbe87f0, name=<value optimized out>,
key=<value optimized out>) at src/http/ngx_http_variables.c:565
565 if (vv && v->get_handler(r, vv, v->data) == NGX_OK) {
(gdb) print vv
$7 = (ngx_http_variable_value_t *) 0xbea000
(gdb) print v->get_handler
$8 = (ngx_http_get_variable_pt) 0 <<< v->get_handler is NULL
Another module ngx.lua (https://github.com/openresty/lua-nginx-module), using ngx_http_get_variable() api, will trigger this segfault too.
See configure as following, requesting uri / will trigger the segfault.
location / {
set $http_foo "bar";
content_by_lua "ngx.say(ngx.var.http_foo)";
}
