# HG changeset patch # User Maxim Dounin # Date 1364577551 0 # Node ID 7f141f99f1cdd2a7bb2b4a3f13bf6e83defdeb70 # Parent 0dbe5eaa238851684587cea88994216d688bc73a Merge of r5083: fixed potential segfault in keepalive handler. Fixed potential segfault in ngx_http_keepalive_handler(). In case of error in the read event handling we close a connection by calling ngx_http_close_connection(), that also destroys connection pool. Thereafter, an attempt to free a buffer (added in r4892) that was allocated from the pool could cause SIGSEGV and is meaningless as well (the buffer already freed with the pool). diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -2743,6 +2743,7 @@ ngx_http_keepalive_handler(ngx_event_t * if (n == NGX_AGAIN) { if (ngx_handle_read_event(rev, 0) != NGX_OK) { ngx_http_close_connection(c); + return; } /*