details: http://hg.nginx.org/nginx/rev/b624fbf7bee2 branches: changeset: 7004:b624fbf7bee2 user: Valentin Bartenev <vb...@nginx.com> date: Tue May 23 20:19:39 2017 +0300 description: HTTP/2: fixed segfault when memory allocation failed.
If allocation of cleanup handler in the HTTP/2 header filter failed, then a stream might be freed with a HEADERS frame left in the output queue. Now the HEADERS frame is accounted in the queue before trying to allocate the cleanup handler. diffstat: src/http/v2/ngx_http_v2_filter_module.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diffs (21 lines):
diff -r 7943298d4ac0 -r b624fbf7bee2 src/http/v2/ngx_http_v2_filter_module.c
--- a/src/http/v2/ngx_http_v2_filter_module.c Mon May 22 16:34:47 2017 +0300
+++ b/src/http/v2/ngx_http_v2_filter_module.c Tue May 23 20:19:39 2017 +0300
@@ -619,6 +619,8 @@ ngx_http_v2_header_filter(ngx_http_reque
 ngx_http_v2_queue_blocked_frame(r->stream->connection, frame);
+ r->stream->queued = 1;
+
 cln = ngx_http_cleanup_add(r, 0);
 if (cln == NULL) {
 return NGX_ERROR;
@@ -627,8 +629,6 @@ ngx_http_v2_header_filter(ngx_http_reque
 cln->handler = ngx_http_v2_filter_cleanup;
 cln->data = r->stream;
- r->stream->queued = 1;
-
 fc->send_chain = ngx_http_v2_send_chain;
 fc->need_last_buf = 1;
_______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
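Review bot: The placement of `r->stream->queued = 1;` directly after `ngx_http_v2_queue_blocked_frame()` in the first hunk is now what keeps the stream from being freed while its HEADERS frame is still in the output queue, but nothing in the code records that ordering requirement. A later change that moves the assignment back down, or adds another fallible call between the two lines, would silently restore the crash on allocation failure, so I would add a comment above the new line such as `/* account the queued HEADERS frame before any call that can fail */`. The `cln == NULL` early return now leaves the stream with `queued` set and no cleanup handler registered; this looks intended, but it is worth confirming against the frame handler and the stream close path, which are outside this hunk, that the counter is still cleared in that case. ngx_http_v2_header_filter's body starts and ends outside both hunks.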