bugfix: fixed double free issues in the new init_cycle_pool_release patch for the nginx core.
This commit is contained in:
parent
f721f66b4e
commit
84734aa1f9
|
@ -1,7 +1,7 @@
|
||||||
diff -ur nginx-1.13.6/src/core/nginx.c nginx-1.13.6-patched/src/core/nginx.c
|
diff -rup nginx-1.13.6/src/core/nginx.c nginx-1.13.6-patched/src/core/nginx.c
|
||||||
--- nginx-1.13.6/src/core/nginx.c 2017-12-16 12:04:13.923270925 -0800
|
--- nginx-1.13.6/src/core/nginx.c 2017-12-17 00:00:38.136470108 -0800
|
||||||
+++ nginx-1.13.6-patched/src/core/nginx.c 2017-12-16 12:03:55.013934545 -0800
|
+++ nginx-1.13.6-patched/src/core/nginx.c 2017-12-16 23:59:51.680958322 -0800
|
||||||
@@ -198,6 +198,7 @@
|
@@ -186,6 +186,7 @@ static u_char *ngx_prefix;
|
||||||
static u_char *ngx_conf_file;
|
static u_char *ngx_conf_file;
|
||||||
static u_char *ngx_conf_params;
|
static u_char *ngx_conf_params;
|
||||||
static char *ngx_signal;
|
static char *ngx_signal;
|
||||||
|
@ -9,7 +9,7 @@ diff -ur nginx-1.13.6/src/core/nginx.c nginx-1.13.6-patched/src/core/nginx.c
|
||||||
|
|
||||||
|
|
||||||
static char **ngx_os_environ;
|
static char **ngx_os_environ;
|
||||||
@@ -265,6 +266,8 @@
|
@@ -253,6 +254,8 @@ main(int argc, char *const *argv)
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -18,27 +18,42 @@ diff -ur nginx-1.13.6/src/core/nginx.c nginx-1.13.6-patched/src/core/nginx.c
|
||||||
if (ngx_save_argv(&init_cycle, argc, argv) != NGX_OK) {
|
if (ngx_save_argv(&init_cycle, argc, argv) != NGX_OK) {
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
diff -ur nginx-1.13.6/src/core/ngx_core.h nginx-1.13.6-patched/src/core/ngx_core.h
|
diff -rup nginx-1.13.6/src/core/ngx_core.h nginx-1.13.6-patched/src/core/ngx_core.h
|
||||||
--- nginx-1.13.6/src/core/ngx_core.h 2017-10-10 08:22:51.000000000 -0700
|
--- nginx-1.13.6/src/core/ngx_core.h 2017-10-10 08:22:51.000000000 -0700
|
||||||
+++ nginx-1.13.6-patched/src/core/ngx_core.h 2017-12-16 12:03:55.013934545 -0800
|
+++ nginx-1.13.6-patched/src/core/ngx_core.h 2017-12-16 23:59:51.679958370 -0800
|
||||||
@@ -108,4 +108,6 @@
|
@@ -108,4 +108,6 @@ void ngx_cpuinfo(void);
|
||||||
#define NGX_DISABLE_SYMLINKS_NOTOWNER 2
|
#define NGX_DISABLE_SYMLINKS_NOTOWNER 2
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
+extern ngx_pool_t *saved_init_cycle_pool;
|
+extern ngx_pool_t *saved_init_cycle_pool;
|
||||||
+
|
+
|
||||||
#endif /* _NGX_CORE_H_INCLUDED_ */
|
#endif /* _NGX_CORE_H_INCLUDED_ */
|
||||||
diff -ur nginx-1.13.6/src/os/unix/ngx_process_cycle.c nginx-1.13.6-patched/src/os/unix/ngx_process_cycle.c
|
diff -rup nginx-1.13.6/src/core/ngx_cycle.c nginx-1.13.6-patched/src/core/ngx_cycle.c
|
||||||
--- nginx-1.13.6/src/os/unix/ngx_process_cycle.c 2017-12-16 12:04:13.901271675 -0800
|
--- nginx-1.13.6/src/core/ngx_cycle.c 2017-10-10 08:22:51.000000000 -0700
|
||||||
+++ nginx-1.13.6-patched/src/os/unix/ngx_process_cycle.c 2017-12-16 12:03:55.027933951 -0800
|
+++ nginx-1.13.6-patched/src/core/ngx_cycle.c 2017-12-16 23:59:51.678958419 -0800
|
||||||
@@ -785,6 +785,10 @@
|
@@ -748,6 +748,10 @@ old_shm_zone_done:
|
||||||
|
|
||||||
ngx_destroy_pool(cycle->pool);
|
if (ngx_process == NGX_PROCESS_MASTER || ngx_is_init_cycle(old_cycle)) {
|
||||||
|
|
||||||
|
+ if (ngx_is_init_cycle(old_cycle)) {
|
||||||
|
+ saved_init_cycle_pool = NULL;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
ngx_destroy_pool(old_cycle->pool);
|
||||||
|
cycle->old_cycle = NULL;
|
||||||
|
|
||||||
|
diff -rup nginx-1.13.6/src/os/unix/ngx_process_cycle.c nginx-1.13.6-patched/src/os/unix/ngx_process_cycle.c
|
||||||
|
--- nginx-1.13.6/src/os/unix/ngx_process_cycle.c 2017-12-17 00:00:38.142469762 -0800
|
||||||
|
+++ nginx-1.13.6-patched/src/os/unix/ngx_process_cycle.c 2017-12-16 23:59:51.691957791 -0800
|
||||||
|
@@ -783,6 +783,11 @@ ngx_master_process_exit(ngx_cycle_t *cyc
|
||||||
|
ngx_exit_cycle.files_n = ngx_cycle->files_n;
|
||||||
|
ngx_cycle = &ngx_exit_cycle;
|
||||||
|
|
||||||
+ if (saved_init_cycle_pool != NULL && saved_init_cycle_pool != cycle->pool) {
|
+ if (saved_init_cycle_pool != NULL && saved_init_cycle_pool != cycle->pool) {
|
||||||
+ ngx_destroy_pool(saved_init_cycle_pool);
|
+ ngx_destroy_pool(saved_init_cycle_pool);
|
||||||
|
+ saved_init_cycle_pool = NULL;
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
exit(0);
|
ngx_destroy_pool(cycle->pool);
|
||||||
}
|
|
||||||
|
|
||||||
|
exit(0);
|
||||||
|
|
Loading…
Reference in New Issue