Mercurial > hg > nginx-quic
changeset 9074:77d5c662f3d9
Fixed segfault if regex studies list allocation fails.
The rcf->studies list is unconditionally accessed by ngx_regex_cleanup(),
and this used to cause NULL pointer dereference if allocation
failed. Fix is to set cleanup handler only when allocation succeeds.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 18 Apr 2023 06:28:46 +0300 |
parents | 252a7acd35ce |
children | b71e69247483 |
files | src/core/ngx_regex.c |
diffstat | 1 files changed, 3 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/src/core/ngx_regex.c +++ b/src/core/ngx_regex.c @@ -732,14 +732,14 @@ ngx_regex_create_conf(ngx_cycle_t *cycle return NULL; } - cln->handler = ngx_regex_cleanup; - cln->data = rcf; - rcf->studies = ngx_list_create(cycle->pool, 8, sizeof(ngx_regex_elt_t)); if (rcf->studies == NULL) { return NULL; } + cln->handler = ngx_regex_cleanup; + cln->data = rcf; + ngx_regex_studies = rcf->studies; return rcf;