# HG changeset patch # User Roman Arutyunyan # Date 1497460421 -10800 # Node ID 6169dbad37d85fa8642b9d0a51f0f0f6c19dd3d1 # Parent d49b74a683b10f8ce3285f2c3fbbadbcade85808 Upstream: fixed running posted requests (ticket #788). Previously, the upstream resolve handler always called ngx_http_run_posted_requests() to run posted requests after processing the resolver response. However, if the handler was called directly from the ngx_resolve_name() function (for example, if the resolver response was cached), running posted requests from the handler could lead to the following errors: - If the request was scheduled for termination, it could actually be terminated in the resolve handler. Upper stack frames could reference the freed request object in this case. - If a significant number of requests were posted, and for each of them the resolve handler was called directly from the ngx_resolve_name() function, posted requests could be run recursively and lead to stack overflow. Now ngx_http_run_posted_requests() is only called from asynchronously invoked resolve handlers. diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c --- a/src/http/ngx_http_upstream.c +++ b/src/http/ngx_http_upstream.c @@ -1143,11 +1143,14 @@ ngx_http_upstream_cache_check_range(ngx_ static void ngx_http_upstream_resolve_handler(ngx_resolver_ctx_t *ctx) { + ngx_uint_t run_posted; ngx_connection_t *c; ngx_http_request_t *r; ngx_http_upstream_t *u; ngx_http_upstream_resolved_t *ur; + run_posted = ctx->async; + r = ctx->data; c = r->connection; @@ -1211,7 +1214,9 @@ ngx_http_upstream_resolve_handler(ngx_re failed: - ngx_http_run_posted_requests(c); + if (run_posted) { + ngx_http_run_posted_requests(c); + } }