view src/os/unix/rfork_thread.S @ 670:ad45b044f1e5 NGINX_1_1_19

nginx 1.1.19 *) Security: specially crafted mp4 file might allow to overwrite memory locations in a worker process if the ngx_http_mp4_module was used, potentially resulting in arbitrary code execution (CVE-2012-2089). Thanks to Matthew Daley. *) Bugfix: nginx/Windows might be terminated abnormally. Thanks to Vincent Lee. *) Bugfix: nginx hogged CPU if all servers in an upstream were marked as "backup". *) Bugfix: the "allow" and "deny" directives might be inherited incorrectly if they were used with IPv6 addresses. *) Bugfix: the "modern_browser" and "ancient_browser" directives might be inherited incorrectly. *) Bugfix: timeouts might be handled incorrectly on Solaris/SPARC. *) Bugfix: in the ngx_http_mp4_module.
author Igor Sysoev <http://sysoev.ru>
date Thu, 12 Apr 2012 00:00:00 +0400
parents d0f7a625f27c
children


/*
 * Copyright (C) Igor Sysoev
 * Copyright (C) Nginx, Inc.
 */


#include <sys/syscall.h>
#include <machine/asm.h>

/*
 * rfork_thread(3) - rfork_thread(flags, stack, func, arg);
 */

/*
 * KERNCALL traps into the kernel with software interrupt 0x80.  Both uses
 * below load the syscall number into %eax first and leave the syscall
 * arguments on the stack above one extra placeholder word.
 */
#define	KERNCALL	int $0x80

/*
 * rfork_thread(flags, stack, func, arg) -- i386, AT&T syntax, arguments
 * passed on the stack:
 *
 *    8(%ebp)  flags  passed through unchanged to rfork(2)
 *   12(%ebp)  stack  address just past the top of the new thread's stack
 *   16(%ebp)  func   thread start address, called as func(arg)
 *   20(%ebp)  arg    single argument handed to func
 *
 * Parent: returns with %eax exactly as the kernel left it (presumably the
 *         child's pid -- confirm against rfork(2)).
 * Child:  never returns to the caller; runs func(arg) on the new stack and
 *         then exits with func's return value as the exit status.
 * Error:  stores the kernel's error code through the pointer returned by
 *         __error() and returns -1 in both %eax and %edx.
 *
 * NOTE(review): neither "stack" nor "func" is validated here.  Two words are
 * written just below "stack" and "func" is reached through an indirect call,
 * so both values must come from trusted code, and "stack" must have at least
 * 8 writable bytes below it in addition to whatever func itself needs.
 */
ENTRY(rfork_thread)
	push	%ebp
	mov	%esp, %ebp
	push	%esi

	/*
	 * Pre-load the new stack before the syscall.  %esi is read again in
	 * the child after KERNCALL, so the code relies on it surviving the
	 * trap.
	 */
	mov	12(%ebp), %esi	# the thread stack address

	/* stack[-4] = arg */
	sub	$4, %esi
	mov	20(%ebp), %eax	# the thread argument
	mov	%eax, (%esi)

	/* stack[-8] = func; %esi now points at the word the child pops first */
	sub	$4, %esi
	mov	16(%ebp), %eax	# the thread start address
	mov	%eax, (%esi)

	/*
	 * rfork(flags).  The extra $0 is a placeholder word below the
	 * argument; presumably it stands in for the return address that the
	 * kernel's syscall convention expects there -- TODO confirm.
	 */
	push	8(%ebp)		# rfork(2) flags
	push	$0
	mov	$SYS_rfork, %eax
	KERNCALL
	/* carry set means the syscall failed; %eax is then used as the errno value */
	jc	error

	/* %edx distinguishes the two return paths: zero in the parent, non-zero in the child */
	cmp	$0, %edx
	jne	child

parent:
	/* drop the two syscall words, restore %esi and the caller's frame */
	add	$8, %esp
	pop	%esi
	leave
	ret

child:
	/*
	 * Switch to the pre-loaded stack: the top word is func, the next is
	 * arg, so after the pop the stack looks like a call with one argument.
	 */
	mov	%esi, %esp
	pop	%eax
	call	*%eax		# call a thread start address ...
	add	$4, %esp	/* discard arg */

	/* exit(func's return value), with the same placeholder word as above */
	push	%eax
	push	$0
	mov	$SYS_exit, %eax	# ... and exit(2) after a thread would return
	KERNCALL
	/*
	 * No instruction follows: the code relies on exit(2) not returning.
	 * If it ever did, execution would fall through into the error path.
	 */

error:
	/* same unwind as the parent path; %eax still holds the error code */
	add	$8, %esp
	pop	%esi
	leave
	/*
	 * PIC_PROLOGUE/PIC_EPILOGUE come from <machine/asm.h>; presumably they
	 * set up and restore the GOT register needed for the PLT call when
	 * built as PIC -- confirm against that header.
	 */
	PIC_PROLOGUE

	/* libc's cerror: jmp  PIC_PLT(HIDENAME(cerror)) */

	/* keep the error code across the call, then *__error() = error code */
	push	%eax
	call	PIC_PLT(CNAME(__error))
	pop	%ecx
	PIC_EPILOGUE
	mov	%ecx, (%eax)
	/* failure result: -1 in both %eax and %edx */
	mov	$-1, %eax
	mov	$-1, %edx
	ret