mirror of
https://github.com/nginx/nginx.git
synced 2024-11-21 16:28:40 +00:00
Fixed segfault if regex studies list allocation fails.
The rcf->studies list is unconditionally accessed by ngx_regex_cleanup(), and this used to cause NULL pointer dereference if allocation failed. Fix is to set cleanup handler only when allocation succeeds.
This commit is contained in:
parent
431b302d34
commit
25c546ac37
@ -732,14 +732,14 @@ ngx_regex_create_conf(ngx_cycle_t *cycle)
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
cln->handler = ngx_regex_cleanup;
|
|
||||||
cln->data = rcf;
|
|
||||||
|
|
||||||
rcf->studies = ngx_list_create(cycle->pool, 8, sizeof(ngx_regex_elt_t));
|
rcf->studies = ngx_list_create(cycle->pool, 8, sizeof(ngx_regex_elt_t));
|
||||||
if (rcf->studies == NULL) {
|
if (rcf->studies == NULL) {
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
cln->handler = ngx_regex_cleanup;
|
||||||
|
cln->data = rcf;
|
||||||
|
|
||||||
ngx_regex_studies = rcf->studies;
|
ngx_regex_studies = rcf->studies;
|
||||||
|
|
||||||
return rcf;
|
return rcf;
|
||||||
|
Loading…
Reference in New Issue
Block a user