35 lines
1.1 KiB
Diff
35 lines
1.1 KiB
Diff
|
From 25c546ac37ba622b93c1a7075bd7eb447bac17b2 Mon Sep 17 00:00:00 2001
|
||
|
|
From: Maxim Dounin <mdounin@mdounin.ru>
|
||
|
|
Date: Tue, 18 Apr 2023 06:28:46 +0300
|
||
|
|
Subject: [PATCH] Fixed segfault if regex studies list allocation fails.
|
||
|
|
|
||
|
|
The rcf->studies list is unconditionally accessed by ngx_regex_cleanup(),
|
||
|
|
and this used to cause NULL pointer dereference if allocation
|
||
|
|
failed. Fix is to set cleanup handler only when allocation succeeds.
|
||
|
|
---
|
||
|
|
src/core/ngx_regex.c | 6 +++---
|
||
|
|
1 file changed, 3 insertions(+), 3 deletions(-)
|
||
|
|
|
||
|
|
diff --git a/src/core/ngx_regex.c b/src/core/ngx_regex.c
|
||
|
|
index bebf3b6a83e..91381f49942 100644
|
||
|
|
--- a/src/core/ngx_regex.c
|
||
|
|
+++ b/src/core/ngx_regex.c
|
||
|
|
@@ -732,14 +732,14 @@ ngx_regex_create_conf(ngx_cycle_t *cycle)
|
||
|
|
return NULL;
|
||
|
|
}
|
||
|
|
|
||
|
|
- cln->handler = ngx_regex_cleanup;
|
||
|
|
- cln->data = rcf;
|
||
|
|
-
|
||
|
|
rcf->studies = ngx_list_create(cycle->pool, 8, sizeof(ngx_regex_elt_t));
|
||
|
|
if (rcf->studies == NULL) {
|
||
|
|
return NULL;
|
||
|
|
}
|
||
|
|
|
||
|
|
+ cln->handler = ngx_regex_cleanup;
|
||
|
|
+ cln->data = rcf;
|
||
|
|
+
|
||
|
|
ngx_regex_studies = rcf->studies;
|
||
|
|
|
||
|
|
return rcf;
|