Fixed segfault if regex studies list allocation fails.

The rcf->studies list is unconditionally accessed by ngx_regex_cleanup(),
and this used to cause NULL pointer dereference if allocation
failed.  Fix is to set cleanup handler only when allocation succeeds.
This commit is contained in:
Maxim Dounin 2023-04-18 06:28:46 +03:00
parent 431b302d34
commit 25c546ac37

View File

@ -732,14 +732,14 @@ ngx_regex_create_conf(ngx_cycle_t *cycle)
return NULL; return NULL;
} }
cln->handler = ngx_regex_cleanup;
cln->data = rcf;
rcf->studies = ngx_list_create(cycle->pool, 8, sizeof(ngx_regex_elt_t)); rcf->studies = ngx_list_create(cycle->pool, 8, sizeof(ngx_regex_elt_t));
if (rcf->studies == NULL) { if (rcf->studies == NULL) {
return NULL; return NULL;
} }
cln->handler = ngx_regex_cleanup;
cln->data = rcf;
ngx_regex_studies = rcf->studies; ngx_regex_studies = rcf->studies;
return rcf; return rcf;