Opened 4 years ago

Closed 4 years ago

#791 closed defect (fixed)

Segfault in sub_filter after updating to 1.9.4

Reported by: serguei.ivantsov@… Owned by:
Priority: critical Milestone:
Component: nginx-module Version: 1.9.x
Keywords: 1.9.4 sub_filter segfault Cc:
uname -a: Linux cedartrail 4.2.0-Atom #1 SMP Sat Sep 19 22:06:41 EEST 2015 x86_64 Intel(R) Atom(TM) CPU D2700 @ 2.13GHz GenuineIntel GNU/Linux
nginx -V: nginx version: nginx/1.9.4
built by gcc 4.9.3 (Gentoo 4.9.3 p1.1, pie-0.6.2)
built with OpenSSL 1.0.2d 9 Jul 2015
TLS SNI support enabled
configure arguments: --prefix=/usr --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error_log --pid-path=/run/nginx.pid --lock-path=/run/lock/nginx.lock --with-cc-opt=-I/usr/include --with-ld-opt=-L/usr/libx32 --http-log-path=/var/log/nginx/access_log --http-client-body-temp-path=/var/lib/nginx/tmp/client --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --with-file-aio --with-debug --with-pcre --with-threads --without-http_memcached_module --without-http_scgi_module --without-http_ssi_module --without-http_split_clients_module --without-http_upstream_ip_hash_module --without-http_userid_module --without-http_uwsgi_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_spdy_module --with-http_stub_status_module --with-http_sub_module --with-http_realip_module --with-http_ssl_module --without-mail_imap_module --without-mail_pop3_module --without-mail_smtp_module --user='nginx --group=nginx' --with-debug

Description

nginx process crashes on every request after updating to 1.9.4
Reverting to 1.9.3 or earlier version fixes the issue.

After little debugging with gdb and core dumps I've found crash occurs in
src/http/modules/ngx_http_sub_filter_module.c:251

ctx->saved.data = ngx_pnalloc(r->pool, ctx->tables->max_match_len - 1);

because ctx->tables is NULL

Attachments (1)

sub-main-conf.patch (1.0 KB ) - added by Roman Arutyunyan 4 years ago.

Download all attachments as: .zip

Change History (8)

comment:1 by thresh, 4 years ago

Can you please provide the full nginx configuration causing the crash? Thanks.

in reply to:  1 comment:2 by serguei.ivantsov@…, 4 years ago

user nginx nginx;
worker_processes 1;

error_log /var/log/nginx/error_log info;

events {

worker_connections 1024;
use epoll;

}

http {

include /etc/nginx/mime.types;
default_type application/octet-stream;

sub_filter_types text/plain text/css application/xml application/x-javascript;
sub_filter_once off;
sub_filter 'oldhost.com/' 'newhost.com/';

server {

listen 127.0.0.1:8080;
server_name localhost;
root /var/www/localhost/htdocs;

}

}

comment:3 by serguei.ivantsov@…, 4 years ago

cedartrail objs # telnet localhost 8080
Trying 127.0.0.1...
Connected to cedartrail.ixg.lan.
Escape character is ']'.
GET / HTTP/1.0
Host: somehost.com

Connection closed by foreign host.
cedartrail objs # dmesg
[95475.473468] nginx[27820]: segfault at 4 ip 00000000004648c0 sp 00000000ffd26050 error 4 in nginx[400000+a8000]

comment:4 by Roman Arutyunyan, 4 years ago

Could you please try the following patch and report the result?

by Roman Arutyunyan, 4 years ago

Attachment: sub-main-conf.patch added

comment:5 by serguei.ivantsov@…, 4 years ago

With this patch nginx doesn't crash and sub_filter works properly.

comment:6 by Roman Arutyunyan, 4 years ago

Committed, thanks.

comment:7 by Roman Arutyunyan, 4 years ago

Resolution: fixed
Status: newclosed
Note: See TracTickets for help on using tickets.