Mercurial > hg > nginx
view src/http/v2/ngx_http_v2_encode.c @ 8007:011f5ebdb928
HTTP/2: fixed closed_nodes overflow (ticket #1708).
With large http2_max_concurrent_streams or http2_max_concurrent_pushes, more
than 255 ngx_http_v2_node_t structures might be allocated, eventually leading
to h2c->closed_nodes overflow when closing corresponding streams. This will
in turn result in additional allocations in ngx_http_v2_get_node_by_id().
While mostly harmless, it can result in excessive memory usage by a HTTP/2
connection, notably in configurations with many keepalive_requests allowed.
Fix is to use ngx_uint_t for h2c->closed_nodes instead of unsigned:8.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 03 Feb 2022 22:46:01 +0300 |
parents | 336084ff943b |
children |
line wrap: on
line source
/* * Copyright (C) Nginx, Inc. * Copyright (C) Valentin V. Bartenev */ #include <ngx_config.h> #include <ngx_core.h> #include <ngx_http.h> static u_char *ngx_http_v2_write_int(u_char *pos, ngx_uint_t prefix, ngx_uint_t value); u_char * ngx_http_v2_string_encode(u_char *dst, u_char *src, size_t len, u_char *tmp, ngx_uint_t lower) { size_t hlen; hlen = ngx_http_huff_encode(src, len, tmp, lower); if (hlen > 0) { *dst = NGX_HTTP_V2_ENCODE_HUFF; dst = ngx_http_v2_write_int(dst, ngx_http_v2_prefix(7), hlen); return ngx_cpymem(dst, tmp, hlen); } *dst = NGX_HTTP_V2_ENCODE_RAW; dst = ngx_http_v2_write_int(dst, ngx_http_v2_prefix(7), len); if (lower) { ngx_strlow(dst, src, len); return dst + len; } return ngx_cpymem(dst, src, len); } static u_char * ngx_http_v2_write_int(u_char *pos, ngx_uint_t prefix, ngx_uint_t value) { if (value < prefix) { *pos++ |= value; return pos; } *pos++ |= prefix; value -= prefix; while (value >= 128) { *pos++ = value % 128 + 128; value /= 128; } *pos++ = (u_char) value; return pos; }