search

slact / nchan

Fast, horizontally scalable, multiprocess pub/sub queuing server and proxy for HTTP, long-polling, Websockets and EventSource (SSE), powered by Nginx.
https://nchan.io/
Other
3.01k stars 293 forks source link

Explicitly specifying the client_body_temp_path to the path same as default results in a segmentation fault #677

Open hirose31 opened 10 months ago

hirose31 commented 10 months ago

Description

In nginx with nchan enabled, setting the client_body_temp_path in nginx.conf to the default path results in a segmentation fault.

Environment

I confirmed this issue in the following environments:

To Reproduce

wget https://nginx.org/download/nginx-1.25.3.tar.gz
git clone https://github.com/slact/nchan.git

tar zxf nginx-1.25.3.tar.gz
cd nginx-1.25.3

./configure --with-debug --prefix=/usr/local/nginx --add-module=../nchan
make && sudo make install

# No issues when client_body_temp_path is not explicitly set in nginx.conf.
sudo /usr/local/nginx/sbin/nginx -t
=>
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

# Segmentation fault occurs when explicitly setting the path the same as the default.
# add to http context:
# client_body_temp_path /usr/local/nginx/client_body_temp 1 2;
sudo vi /usr/local/nginx/conf/nginx.conf

sudo /usr/local/nginx/sbin/nginx -t
Segmentation fault

# No issues when setting a path different from the default.
# add to http context:
# client_body_temp_path /usr/local/nginx/client_body_temp_foo 1 2;
sudo vi /usr/local/nginx/conf/nginx.conf

sudo /usr/local/nginx/sbin/nginx -t
=>
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

The result of gdb is as follows:

$ sudo gdb --args /usr/local/nginx/sbin/nginx -t
...
Reading symbols from /usr/local/nginx/sbin/nginx...
(gdb) run
Starting program: /usr/local/nginx/sbin/nginx -t
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
ngx_sprintf_str (buf=0x7fffffffd86a "\377\377\377\177", last=last@entry=0x7fffffffdc30 "\244p`e", src=0x0, len=18446744073709551615, hexadecimal=0) at src/core/ngx_string.c:580
580                 while (*src && buf < last) {

(gdb) bt
#0  ngx_sprintf_str (buf=0x7fffffffd86a "\377\377\377\177",
    last=last@entry=0x7fffffffdc30 "\244p`e", src=0x0, len=18446744073709551615, hexadecimal=0)
    at src/core/ngx_string.c:580
#1  0x00005555555863a9 in ngx_vslprintf (buf=<optimized out>,
    buf@entry=0x7fffffffd830 "the same path name \"/usr/local/nginx/client_body_temp\" in \377\377\377\177", last=last@entry=0x7fffffffdc30 "\244p`e",
    fmt=0x555555660a5c "s:%ui has the different levels than", args=args@entry=0x7fffffffd818)
    at src/core/ngx_string.c:271
#2  0x00005555555958e1 in ngx_conf_log_error (level=level@entry=1, cf=cf@entry=0x7fffffffe3b0,
    err=err@entry=0,
    fmt=fmt@entry=0x555555660a40 "the same path name \"%V\" in %s:%ui has the different levels than") at src/core/ngx_conf_file.c:1001
#3  0x000055555558ac91 in ngx_add_path (cf=cf@entry=0x7fffffffe3b0, slot=slot@entry=0x5555559e3c18)
    at src/core/ngx_file.c:568
#4  0x000055555558ae60 in ngx_conf_set_path_slot (cf=0x7fffffffe3b0, cmd=<optimized out>,
    conf=<optimized out>) at src/core/ngx_file.c:412
#5  0x000055555559675b in ngx_conf_handler (last=0, cf=0x7fffffffe3b0)
    at src/core/ngx_conf_file.c:463
#6  ngx_conf_parse (cf=cf@entry=0x7fffffffe3b0, filename=filename@entry=0x0)
    at src/core/ngx_conf_file.c:319
#7  0x00005555555b0c39 in ngx_http_block (cf=0x7fffffffe3b0, cmd=<optimized out>,
    conf=<optimized out>) at src/http/ngx_http.c:239
#8  0x000055555559675b in ngx_conf_handler (last=1, cf=0x7fffffffe3b0)
    at src/core/ngx_conf_file.c:463
#9  ngx_conf_parse (cf=cf@entry=0x7fffffffe3b0, filename=filename@entry=0x5555559e0738)
    at src/core/ngx_conf_file.c:319
#10 0x0000555555593a16 in ngx_init_cycle (old_cycle=old_cycle@entry=0x7fffffffe580)
    at src/core/ngx_cycle.c:284
#11 0x0000555555580d05 in main (argc=<optimized out>, argv=<optimized out>) at src/core/nginx.c:293
(gdb)