Opened 4 years ago

Closed 4 years ago

#791 closed defect (fixed)

Segfault in sub_filter after updating to 1.9.4

Reported by: serguei.ivantsov@… Owned by:
Priority: critical Milestone:
Component: nginx-module Version: 1.9.x
Keywords: 1.9.4 sub_filter segfault Cc:
uname -a: Linux cedartrail 4.2.0-Atom #1 SMP Sat Sep 19 22:06:41 EEST 2015 x86_64 Intel(R) Atom(TM) CPU D2700 @ 2.13GHz GenuineIntel GNU/Linux
nginx -V: nginx version: nginx/1.9.4 built by gcc 4.9.3 (Gentoo 4.9.3 p1.1, pie-0.6.2) built with OpenSSL 1.0.2d 9 Jul 2015 TLS SNI support enabled configure arguments: --prefix=/usr --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error_log --pid-path=/run/nginx.pid --lock-path=/run/lock/nginx.lock --with-cc-opt=-I/usr/include --with-ld-opt=-L/usr/libx32 --http-log-path=/var/log/nginx/access_log --http-client-body-temp-path=/var/lib/nginx/tmp/client --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --with-file-aio --with-debug --with-pcre --with-threads --without-http_memcached_module --without-http_scgi_module --without-http_ssi_module --without-http_split_clients_module --without-http_upstream_ip_hash_module --without-http_userid_module --without-http_uwsgi_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_spdy_module --with-http_stub_status_module --with-http_sub_module --with-http_realip_module --with-http_ssl_module --without-mail_imap_module --without-mail_pop3_module --without-mail_smtp_module --user='nginx --group=nginx' --with-debug

Description

nginx process crashes on every request after updating to 1.9.4
Reverting to 1.9.3 or earlier version fixes the issue.

After little debugging with gdb and core dumps I've found crash occurs in
src/http/modules/ngx_http_sub_filter_module.c:251

ctx->saved.data = ngx_pnalloc(r->pool, ctx->tables->max_match_len - 1);

because ctx->tables is NULL

Attachments (1)

sub-main-conf.patch (1.0 KB) - added by arut 4 years ago.

Download all attachments as: .zip

Change History (8)

comment:1 follow-up: Changed 4 years ago by thresh

Can you please provide the full nginx configuration causing the crash? Thanks.

comment:2 in reply to: ↑ 1 Changed 4 years ago by serguei.ivantsov@…

user nginx nginx;
worker_processes 1;

error_log /var/log/nginx/error_log info;

events {

worker_connections 1024;
use epoll;

}

http {

include /etc/nginx/mime.types;
default_type application/octet-stream;

sub_filter_types text/plain text/css application/xml application/x-javascript;
sub_filter_once off;
sub_filter 'oldhost.com/' 'newhost.com/';

server {

listen 127.0.0.1:8080;
server_name localhost;
root /var/www/localhost/htdocs;

}

}

comment:3 Changed 4 years ago by serguei.ivantsov@…

cedartrail objs # telnet localhost 8080
Trying 127.0.0.1...
Connected to cedartrail.ixg.lan.
Escape character is ']'.
GET / HTTP/1.0
Host: somehost.com

Connection closed by foreign host.
cedartrail objs # dmesg
[95475.473468] nginx[27820]: segfault at 4 ip 00000000004648c0 sp 00000000ffd26050 error 4 in nginx[400000+a8000]

comment:4 Changed 4 years ago by arut

Could you please try the following patch and report the result?

Changed 4 years ago by arut

comment:5 Changed 4 years ago by serguei.ivantsov@…

With this patch nginx doesn't crash and sub_filter works properly.

comment:6 Changed 4 years ago by arut

Committed, thanks.

comment:7 Changed 4 years ago by arut

  • Resolution set to fixed
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.