Hi, On Fri, Apr 12, 2013 at 07:38:46AM +0000, 彭谦(研六 福州) wrote: > Hi all, > > Recently, we have tested the NGX reverse proxy by TestCenter and found a > segmentation fault in DNS module. > > BUG condition: > 1. The rn link two(or more) ctxs, As we know the end ctx get a timeout event. > 2. When rn recive a CNAME type response, it will create a new rn node. > 3. The new rn link the same ctxs and send a query. Although the first > ctx->name point the cname, the end ctx->name remain to point the original > name. > 4. The end ctx timeout occours, but it can't del from the new rn link for > ctx->name point the original name. > 5. The new rn recvice the response(code 2), it will call all ctx->handle. > Unfortunately the end ctx has been freed, then the segmentation fault occurs. > > svn diff > Index: ngx_resolver.c > =================================================================== > --- ngx_resolver.c (revision 5170) > +++ ngx_resolver.c (working copy) > @@ -607,6 +607,7 @@ > rn->waiting = ctx; > > ctx->state = NGX_AGAIN; > + ctx->next = NULL; > > return NGX_AGAIN; > > > > Thanks > Pengqian
Thanks for your report. However, we have difficulty trying to understand your description. Could you please provide steps on how to reproduce the problem without going to ngx_resolver.c internals? What name nginx tries to resolve, what it gets in a reply from the DNS server, what happens next, etc. _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
