Core: skip special buffers on writing (ticket #981).
A special last buffer with cl->buf->pos set to NULL can be present in a chain when writing request body if chunked encoding was used. This resulted in a NULL pointer dereference if it happened to be the only buffer left after a do...while loop iteration in ngx_write_chain_to_file(). The problem originally appeared in nginx 1.3.9 with chunked encoding support. Additionally, rev. 3832b608dc8d (nginx 1.9.13) changed the minimum number of buffers to trigger this from IOV_MAX (typically 1024) to NGX_IOVS_PREALLOCATE (typically 64). Fix is to skip such buffers in ngx_chain_to_iovec(), much like it is done in other places.
This commit is contained in:
parent
62c778b7ae
commit
f3918385a9
|
@ -356,6 +356,11 @@ ngx_chain_to_iovec(ngx_iovec_t *vec, ngx_chain_t *cl)
|
|||
n = 0;
|
||||
|
||||
for ( /* void */ ; cl; cl = cl->next) {
|
||||
|
||||
if (ngx_buf_special(cl->buf)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
size = cl->buf->last - cl->buf->pos;
|
||||
|
||||
if (prev == cl->buf->pos) {
|
||||
|
|
Loading…
Reference in New Issue