Mercurial > hg > nginx

view src/event/ngx_event_busy_lock.h @ 4489:9806bf07d119

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Event pipe: fixed buffer loss in p->length case. With previous code raw buffer might be lost if p->input_filter() was called on a buffer without any data and used ngx_event_pipe_add_free_buf() to return it to the free list. This eventually might cause "all buffers busy" problem, resulting in segmentation fault due to null pointer dereference in ngx_event_pipe_write_chain_to_temp_file(). In ngx_event_pipe_add_free_buf() the buffer was added to the list start due to pos == last, and then "p->free_raw_bufs = cl->next" in ngx_event_pipe_read_upstream() dropped both chain links to the buffer from the p->free_raw_bufs list. Fix is to move "p->free_raw_bufs = cl->next" before calling the p->input_filter().
author Maxim Dounin <mdounin@mdounin.ru>
date Wed, 22 Feb 2012 11:28:53 +0000
parents d620f497c50f
children 457ec43dd8d5
line wrap: on
line source


/*
 * Copyright (C) Igor Sysoev
 * Copyright (C) Nginx, Inc.
 */


#ifndef _NGX_EVENT_BUSY_LOCK_H_INCLUDED_
#define _NGX_EVENT_BUSY_LOCK_H_INCLUDED_


#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_event.h>

typedef struct ngx_event_busy_lock_ctx_s  ngx_event_busy_lock_ctx_t;

struct ngx_event_busy_lock_ctx_s {
    ngx_event_t                *event;
    ngx_event_handler_pt        handler;
    void                       *data;
    ngx_msec_t                  timer;

    unsigned                    locked:1;
    unsigned                    waiting:1;
    unsigned                    cache_updated:1;

    char                       *md5;
    ngx_int_t                   slot;

    ngx_event_busy_lock_ctx_t  *next;
};


typedef struct {
    u_char                     *md5_mask;
    char                       *md5;
    ngx_uint_t                  cacheable;

    ngx_uint_t                  busy;
    ngx_uint_t                  max_busy;

    ngx_uint_t                  waiting;
    ngx_uint_t                  max_waiting;

    ngx_event_busy_lock_ctx_t  *events;
    ngx_event_busy_lock_ctx_t  *last;

#if (NGX_THREADS)
    ngx_mutex_t                *mutex;
#endif
} ngx_event_busy_lock_t;


ngx_int_t ngx_event_busy_lock(ngx_event_busy_lock_t *bl,
    ngx_event_busy_lock_ctx_t *ctx);
ngx_int_t ngx_event_busy_lock_cacheable(ngx_event_busy_lock_t *bl,
    ngx_event_busy_lock_ctx_t *ctx);
void ngx_event_busy_unlock(ngx_event_busy_lock_t *bl,
    ngx_event_busy_lock_ctx_t *ctx);
void ngx_event_busy_lock_cancel(ngx_event_busy_lock_t *bl,
    ngx_event_busy_lock_ctx_t *ctx);


#endif /* _NGX_EVENT_BUSY_LOCK_H_INCLUDED_ */