changeset 9074:77d5c662f3d9

Fixed segfault if regex studies list allocation fails. The rcf->studies list is unconditionally accessed by ngx_regex_cleanup(), and this used to cause NULL pointer dereference if allocation failed. Fix is to set cleanup handler only when allocation succeeds.
author Maxim Dounin <mdounin@mdounin.ru>
date Tue, 18 Apr 2023 06:28:46 +0300
parents 252a7acd35ce
children b71e69247483
files src/core/ngx_regex.c
diffstat 1 files changed, 3 insertions(+), 3 deletions(-) [+]
--- a/src/core/ngx_regex.c
+++ b/src/core/ngx_regex.c
@@ -732,14 +732,14 @@ ngx_regex_create_conf(ngx_cycle_t *cycle
         return NULL;
     }
 
-    cln->handler = ngx_regex_cleanup;
-    cln->data = rcf;
-
     rcf->studies = ngx_list_create(cycle->pool, 8, sizeof(ngx_regex_elt_t));
     if (rcf->studies == NULL) {
         return NULL;
     }
 
+    cln->handler = ngx_regex_cleanup;
+    cln->data = rcf;
+
     ngx_regex_studies = rcf->studies;
 
     return rcf;
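Review bot: The position of `cln->handler = ngx_regex_cleanup;` after the `rcf->studies` NULL check is now what prevents the crash, but nothing in the code records that ordering constraint, so a later reshuffle could reintroduce the NULL dereference. I would add a comment above the assignment, e.g. `/* set the handler only after rcf->studies is allocated: ngx_regex_cleanup() accesses it unconditionally */`. On the early `return NULL` path the cleanup entry stays registered without this handler; that relies on the pool skipping entries whose handler is unset, which is not visible here and is worth confirming. The body of ngx_regex_create_conf() starts above the hunk, so the allocation of `cln` and `rcf` was not reviewed.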