Mercurial > hg > nginx
comparison src/http/v2/ngx_http_v2_filter_module.c @ 7004:b624fbf7bee2
HTTP/2: fixed segfault when memory allocation failed.
If allocation of cleanup handler in the HTTP/2 header filter failed, then
a stream might be freed with a HEADERS frame left in the output queue.
Now the HEADERS frame is accounted in the queue before trying to allocate
the cleanup handler.
| author | Valentin Bartenev <vbart@nginx.com> |
|---|---|
| date | Tue, 23 May 2017 20:19:39 +0300 |
| parents | 663e6a48bfcb |
| children | 4e784e095a97 |
comparison
equal
deleted
inserted
replaced
| 7003:7943298d4ac0 | 7004:b624fbf7bee2 |
|---|---|
| 617 return NGX_ERROR; | 617 return NGX_ERROR; |
| 618 } | 618 } |
| 619 | 619 |
| 620 ngx_http_v2_queue_blocked_frame(r->stream->connection, frame); | 620 ngx_http_v2_queue_blocked_frame(r->stream->connection, frame); |
| 621 | 621 |
| 622 r->stream->queued = 1; | |
| 623 | |
| 622 cln = ngx_http_cleanup_add(r, 0); | 624 cln = ngx_http_cleanup_add(r, 0); |
| 623 if (cln == NULL) { | 625 if (cln == NULL) { |
| 624 return NGX_ERROR; | 626 return NGX_ERROR; |
| 625 } | 627 } |
| 626 | 628 |
| 627 cln->handler = ngx_http_v2_filter_cleanup; | 629 cln->handler = ngx_http_v2_filter_cleanup; |
| 628 cln->data = r->stream; | 630 cln->data = r->stream; |
| 629 | |
| 630 r->stream->queued = 1; | |
| 631 | 631 |
| 632 fc->send_chain = ngx_http_v2_send_chain; | 632 fc->send_chain = ngx_http_v2_send_chain; |
| 633 fc->need_last_buf = 1; | 633 fc->need_last_buf = 1; |
| 634 | 634 |
| 635 return ngx_http_v2_filter_send(fc, r->stream); | 635 return ngx_http_v2_filter_send(fc, r->stream); |