mirror
/
nginx
mirror of https://github.com/nginx/nginx
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Core: skip unset modules in ngx_count_modules() 

During reload, modules removed from config retain ctx_index ==
NGX_MODULE_UNSET_INDEX in old_cycle. Because NGX_MODULE_UNSET_INDEX
equals (ngx_uint_t)-1, the condition "if (module->ctx_index > max)"
evaluates to true, and max is assigned this large value.
The subsequent "max + 1" wraps around to 0 due to unsigned integer
overflow, causing zero-sized allocations and a segfault in stream
module initialization.

Skip such modules to prevent overflow.
The issue was introduced in commit 97f59dda0 ("Dynamic modules.").
This commit is contained in:
Maks 2025-11-20 13:24:53 +03:00
parent 6ed1188411
commit 898daba1d6
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/core/ngx_module.c
View File

@ -139,6 +139,10 @@ ngx_count_modules(ngx_cycle_t *cycle, ngx_uint_t type)
continue; continue;
} }
if (module->ctx_index == NGX_MODULE_UNSET_INDEX) {
continue;
}
if (module->ctx_index > max) { if (module->ctx_index > max) {
max = module->ctx_index; max = module->ctx_index;
} }