details:
https://github.com/nginx/nginx/commit/d31305653701bd99e8e5e6aa48094599a08f9f12
branches: master
commit: d31305653701bd99e8e5e6aa48094599a08f9f12
user: Sergey Kandaurov <pluk...@nginx.com>
date: Thu, 27 Feb 2025 16:09:50 +0400
description:
Slice filter: improved memory allocation error handling.
As uncovered by recent addition in slice.t, a partially initialized
context, coupled with HTTP 206 response from stub backend, might be
accessed in the next slice subrequest.
Found by bad memory allocator simulation.
---
src/http/modules/ngx_http_slice_filter_module.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/http/modules/ngx_http_slice_filter_module.c
b/src/http/modules/ngx_http_slice_filter_module.c
index 3b0bef629..67dc14c82 100644
--- a/src/http/modules/ngx_http_slice_filter_module.c
+++ b/src/http/modules/ngx_http_slice_filter_module.c
@@ -419,13 +419,13 @@ ngx_http_slice_range_variable(ngx_http_request_t *r,
return NGX_ERROR;
}
- ngx_http_set_ctx(r, ctx, ngx_http_slice_filter_module);
-
p = ngx_pnalloc(r->pool, sizeof("bytes=-") - 1 + 2 * NGX_OFF_T_LEN);
if (p == NULL) {
return NGX_ERROR;
}
+ ngx_http_set_ctx(r, ctx, ngx_http_slice_filter_module);
+
ctx->start = slcf->size * (ngx_http_slice_get_start(r) / slcf->size);
ctx->range.data = p;
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
