From f1d5d03eee7917430c44c9ee8dcaba4efbb79cab Mon Sep 17 00:00:00 2001
From: Valentin Bartenev
Date: Sat, 23 Feb 2013 13:23:48 +0000
Subject: [PATCH] Fixed potential segfault in ngx_http_keepalive_handler().

In case of error in the read event handling we close a connection by calling ngx_http_close_connection(), that also destroys connection pool. Thereafter, an attempt to free a buffer (added in r4892) that was allocated from the pool could cause SIGSEGV and is meaningless as well (the buffer already freed with the pool).
---
 src/http/ngx_http_request.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index 763e7bf11..5dc6942b0 100644
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -2758,6 +2758,7 @@ ngx_http_keepalive_handler(ngx_event_t *rev)
 if (n == NGX_AGAIN) {
 if (ngx_handle_read_event(rev, 0) != NGX_OK) {
 ngx_http_close_connection(c);
+ return;
 }

 /*
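Review bot: The added `return;` is the only thing that stops the rest of ngx_http_keepalive_handler() from touching `c` after ngx_http_close_connection(c) has destroyed the connection pool, and nothing at the call site says so. A one-line comment above it would keep a later edit from placing cleanup after the close and reintroducing the use-after-free, for example `/* c and its pool are gone; nothing below may run */`. The handler's body starts and ends outside this hunk, so whether its other ngx_http_close_connection() calls are each followed by a return cannot be confirmed from here and is worth checking in the same pass.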