Hello!

On Fri, Sep 30, 2022 at 12:07:47PM +0800, zjd wrote:

> If I disturb everyone, I'm sorry.
>
> The address of l->alloc itself (&l->alloc) in the pool can be reused,
> rather than l->alloc pointing to a wild address; &l->alloc returns
> to the pool.
> And I tried only using large memory in Maxim's way, but it does not
> coredump. Because a coredump is accidental, not coredumping may be
> reasonable. If l->alloc is not set to NULL after free, the places
> which use ngx_palloc or ngx_array_push etc. need memzero to
> avoid a wild pointer after using ngx_reset_pool.

The ngx_palloc() and ngx_array_push() are expected to return allocated, but uninitialized memory, much like normal malloc(). The returned memory needs to be initialized before use. If you need zeroed memory, you can either use ngx_calloc(), which explicitly initializes all allocated bytes to zero, much like calloc(), or clear the memory yourself with ngx_memzero().

Compiling nginx with NGX_DEBUG_PALLOC and using your OS malloc options to debug memory should help to catch memory access bugs, and using uninitialized memory in particular. When using Linux, see [1], notably MALLOC_CHECK_ and MALLOC_PERTURB_ environment variables (note that you may need to use env [2] to pass these to worker processes).

Alternatively, you may consider using various tools, such as Address Sanitizer, Memory Sanitizer, and Valgrind. These may need some effort to make them work correctly, though should catch most of the possible bugs, including out-of-bounds accesses and uninitialized memory accesses (see, for example, [3]).

Hope this helps.

[1] https://man7.org/linux/man-pages/man3/mallopt.3.html
[2] http://nginx.org/r/env
[3] https://developers.redhat.com/blog/2021/05/05/memory-error-checking-in-c-and-c-comparing-sanitizers-and-valgrind

-- 
Maxim Dounin
http://mdounin.ru/
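The point under discussion (pool memory handed out by ngx_palloc() is uninitialized, so after ngx_reset_pool() a reused slot still holds whatever the previous request wrote there) can be reproduced without nginx. The following is an added example, not code from nginx or from either poster: a constructed bump-pointer pool (toy_pool_t, toy_palloc, toy_pcalloc, toy_reset_pool are hypothetical names) that models only the behaviour the thread describes. toy_palloc returns raw bytes like ngx_palloc(); toy_pcalloc zero-fills, playing the role of the zeroed allocation or explicit ngx_memzero() the reply recommends.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of a pool: a single block handed out by bumping a
 * pointer; reset() rewinds it so the same bytes are handed out again.
 * This is NOT nginx's ngx_pool_t, only the behaviour relevant here. */
typedef struct {
    unsigned char *start;
    unsigned char *last;
    unsigned char *end;
} toy_pool_t;

/* Header that keeps a pointer into pool memory (like an array's elts). */
typedef struct {
    int   *elts;
    size_t nelts;
} toy_list_t;

static toy_pool_t *toy_pool_create(size_t size) {
    toy_pool_t *p = malloc(sizeof(*p));
    if (p == NULL) return NULL;
    p->start = malloc(size);
    if (p->start == NULL) { free(p); return NULL; }
    p->last = p->start;
    p->end = p->start + size;
    return p;
}

/* Like ngx_palloc(): the returned bytes are NOT zeroed. */
static void *toy_palloc(toy_pool_t *p, size_t size) {
    size_t aligned = (size + 7) & ~(size_t)7;      /* 8-byte alignment */
    if ((size_t)(p->end - p->last) < aligned) return NULL;
    void *m = p->last;
    p->last += aligned;
    return m;
}

/* Zero-filling variant: what the reply recommends when code relies on
 * fresh fields (e.g. a NULL pointer) instead of initializing them. */
static void *toy_pcalloc(toy_pool_t *p, size_t size) {
    void *m = toy_palloc(p, size);
    if (m != NULL) memset(m, 0, size);
    return m;
}

/* Like ngx_reset_pool(): memory is reused, its contents are untouched. */
static void toy_reset_pool(toy_pool_t *p) { p->last = p->start; }

static void toy_pool_destroy(toy_pool_t *p) { free(p->start); free(p); }

/* "Request 1": allocate a header and four ints, fill them in.
 * Returns the elts pointer so the caller can recognise it later. */
static int *first_use(toy_pool_t *p) {
    toy_list_t *l = toy_palloc(p, sizeof(*l));
    l->elts = toy_palloc(p, 4 * sizeof(int));
    l->nelts = 4;
    for (size_t i = 0; i < l->nelts; i++) l->elts[i] = (int)i;
    return l->elts;
}

/* "Request 2" after a reset: allocate the header at the same address.
 * With zeroed == 0 the header still carries request 1's elts pointer,
 * i.e. the "wild pointer" the original poster describes. Returns 1 if
 * the stale pointer is observed, 0 if the field reads as NULL.
 * The header bytes are inspected through unsigned char so that looking
 * at memory the current request never wrote stays well-defined. */
static int stale_after_reset(int zeroed) {
    toy_pool_t *p = toy_pool_create(256);
    if (p == NULL) return -1;
    int *old_elts = first_use(p);
    toy_reset_pool(p);

    toy_list_t *l = zeroed ? toy_pcalloc(p, sizeof(*l))
                           : toy_palloc(p, sizeof(*l));
    unsigned char raw[sizeof(l->elts)];
    memcpy(raw, &l->elts, sizeof(raw));

    int stale = (memcmp(raw, &old_elts, sizeof(raw)) == 0);
    toy_pool_destroy(p);
    return stale;
}

int main(void) {
    printf("palloc after reset: stale pointer present = %d\n", stale_after_reset(0));
    printf("pcalloc after reset: stale pointer present = %d\n", stale_after_reset(1));
    return 0;
}
```

Note what a tool would and would not see here: the stale bytes were legitimately written by request 1, so Memory Sanitizer or Valgrind treat them as initialized and stay silent on the reuse inside the pool. That is the reason the reply pairs the sanitizers with NGX_DEBUG_PALLOC, which routes pool allocations through individual malloc() calls so that MALLOC_PERTURB_, Address Sanitizer and Valgrind observe each allocation and free separately.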