From: Maxim Dounin Date: Tue, 18 Apr 2023 03:28:46 +0000 (+0300) Subject: Fixed segfault if regex studies list allocation fails. X-Git-Tag: release-1.25.0~6 X-Git-Url: http://git.kaiwu.me/postgresql/log/contrib/postgres_fdw/static/gitweb.js?a=commitdiff_plain;h=25c546ac37ba622b93c1a7075bd7eb447bac17b2;p=nginx.git Fixed segfault if regex studies list allocation fails. The rcf->studies list is unconditionally accessed by ngx_regex_cleanup(), and this used to cause NULL pointer dereference if allocation failed. Fix is to set cleanup handler only when allocation succeeds. --- diff --git a/src/core/ngx_regex.c b/src/core/ngx_regex.c index bebf3b6a8..91381f499 100644 --- a/src/core/ngx_regex.c +++ b/src/core/ngx_regex.c @@ -732,14 +732,14 @@ ngx_regex_create_conf(ngx_cycle_t *cycle) return NULL; } - cln->handler = ngx_regex_cleanup; - cln->data = rcf; - rcf->studies = ngx_list_create(cycle->pool, 8, sizeof(ngx_regex_elt_t)); if (rcf->studies == NULL) { return NULL; } + cln->handler = ngx_regex_cleanup; + cln->data = rcf; + ngx_regex_studies = rcf->studies; return rcf;