Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Read freed memory #245

Open
yyamano opened this issue Dec 9, 2016 · 1 comment
Open

Read freed memory #245

yyamano opened this issue Dec 9, 2016 · 1 comment

Comments

@yyamano
Copy link
Collaborator

yyamano commented Dec 9, 2016

valgrind reports invalid reads.

% curl http://localhost:58080/redirect/internal 

==31904== Invalid read of size 8
==31904==    at 0x5499E1: ngx_mrb_run (ngx_http_mruby_module.c:820)
==31904==    by 0x54D211: ngx_http_mruby_rewrite_inline_handler (ngx_http_mruby_module.c:1995)
==31904==    by 0x4AC259: ngx_http_core_rewrite_phase (ngx_http_core_module.c:899)
==31904==    by 0x4AC0B6: ngx_http_core_run_phases (ngx_http_core_module.c:845)
==31904==    by 0x4AC024: ngx_http_handler (ngx_http_core_module.c:828)
==31904==    by 0x4BBBEF: ngx_http_process_request (ngx_http_request.c:1914)
==31904==    by 0x4BA553: ngx_http_process_request_headers (ngx_http_request.c:1346)
==31904==    by 0x4B9936: ngx_http_process_request_line (ngx_http_request.c:1026)
==31904==    by 0x4B85A4: ngx_http_wait_request_handler (ngx_http_request.c:503)
==31904==    by 0x49BF3E: ngx_epoll_process_events (ngx_epoll_module.c:907)
==31904==    by 0x48AEE0: ngx_process_events_and_timers (ngx_event.c:242)
==31904==    by 0x4983EC: ngx_single_process_cycle (ngx_process_cycle.c:309)
==31904==  Address 0x7167fd0 is 96 bytes inside a block of size 4,096 free'd
==31904==    at 0x4C2AD17: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==31904==    by 0x45B354: ngx_destroy_pool (ngx_palloc.c:90)
==31904==    by 0x4BF0FB: ngx_http_free_request (ngx_http_request.c:3502)
==31904==    by 0x4BDC5F: ngx_http_set_keepalive (ngx_http_request.c:2904)
==31904==    by 0x4BD0F9: ngx_http_finalize_connection (ngx_http_request.c:2549)
==31904==    by 0x4BC694: ngx_http_finalize_request (ngx_http_request.c:2275)
==31904==    by 0x55017E: ngx_mrb_redirect (ngx_http_mruby_core.c:299)
==31904==    by 0x57D1E8: mrb_vm_exec (vm.c:1150)
==31904==    by 0x58290D: mrb_vm_run (vm.c:759)
==31904==    by 0x58290D: mrb_run (vm.c:2424)
==31904==    by 0x549730: ngx_mrb_run (ngx_http_mruby_module.c:781)
==31904==    by 0x54D211: ngx_http_mruby_rewrite_inline_handler (ngx_http_mruby_module.c:1995)
==31904==    by 0x4AC259: ngx_http_core_rewrite_phase (ngx_http_core_module.c:899)
==31904== 
==31904== Invalid read of size 8
==31904==    at 0x5499F3: ngx_mrb_run (ngx_http_mruby_module.c:820)
==31904==    by 0x54D211: ngx_http_mruby_rewrite_inline_handler (ngx_http_mruby_module.c:1995)
==31904==    by 0x4AC259: ngx_http_core_rewrite_phase (ngx_http_core_module.c:899)
==31904==    by 0x4AC0B6: ngx_http_core_run_phases (ngx_http_core_module.c:845)
==31904==    by 0x4AC024: ngx_http_handler (ngx_http_core_module.c:828)
==31904==    by 0x4BBBEF: ngx_http_process_request (ngx_http_request.c:1914)
==31904==    by 0x4BA553: ngx_http_process_request_headers (ngx_http_request.c:1346)
==31904==    by 0x4B9936: ngx_http_process_request_line (ngx_http_request.c:1026)
==31904==    by 0x4B85A4: ngx_http_wait_request_handler (ngx_http_request.c:503)
==31904==    by 0x49BF3E: ngx_epoll_process_events (ngx_epoll_module.c:907)
==31904==    by 0x48AEE0: ngx_process_events_and_timers (ngx_event.c:242)
==31904==    by 0x4983EC: ngx_single_process_cycle (ngx_process_cycle.c:309)
==31904==  Address 0x7168a00 is 2,704 bytes inside a block of size 4,096 free'd
==31904==    at 0x4C2AD17: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==31904==    by 0x45B354: ngx_destroy_pool (ngx_palloc.c:90)
==31904==    by 0x4BF0FB: ngx_http_free_request (ngx_http_request.c:3502)
==31904==    by 0x4BDC5F: ngx_http_set_keepalive (ngx_http_request.c:2904)
==31904==    by 0x4BD0F9: ngx_http_finalize_connection (ngx_http_request.c:2549)
==31904==    by 0x4BC694: ngx_http_finalize_request (ngx_http_request.c:2275)
==31904==    by 0x55017E: ngx_mrb_redirect (ngx_http_mruby_core.c:299)
==31904==    by 0x57D1E8: mrb_vm_exec (vm.c:1150)
==31904==    by 0x58290D: mrb_vm_run (vm.c:759)
==31904==    by 0x58290D: mrb_run (vm.c:2424)
==31904==    by 0x549730: ngx_mrb_run (ngx_http_mruby_module.c:781)
==31904==    by 0x54D211: ngx_http_mruby_rewrite_inline_handler (ngx_http_mruby_module.c:1995)
==31904==    by 0x4AC259: ngx_http_core_rewrite_phase (ngx_http_core_module.c:899)
==31904== 
==31904== Invalid read of size 8
==31904==    at 0x4BC5EF: ngx_http_finalize_request (ngx_http_request.c:2268)
==31904==    by 0x4AC2A8: ngx_http_core_rewrite_phase (ngx_http_core_module.c:912)
==31904==    by 0x4AC0B6: ngx_http_core_run_phases (ngx_http_core_module.c:845)
==31904==    by 0x4AC024: ngx_http_handler (ngx_http_core_module.c:828)
==31904==    by 0x4BBBEF: ngx_http_process_request (ngx_http_request.c:1914)
==31904==    by 0x4BA553: ngx_http_process_request_headers (ngx_http_request.c:1346)
==31904==    by 0x4B9936: ngx_http_process_request_line (ngx_http_request.c:1026)
==31904==    by 0x4B85A4: ngx_http_wait_request_handler (ngx_http_request.c:503)
==31904==    by 0x49BF3E: ngx_epoll_process_events (ngx_epoll_module.c:907)
==31904==    by 0x48AEE0: ngx_process_events_and_timers (ngx_event.c:242)
==31904==    by 0x4983EC: ngx_single_process_cycle (ngx_process_cycle.c:309)
==31904==    by 0x45757A: main (nginx.c:364)
==31904==  Address 0x7167fc8 is 88 bytes inside a block of size 4,096 free'd
==31904==    at 0x4C2AD17: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==31904==    by 0x45B354: ngx_destroy_pool (ngx_palloc.c:90)
==31904==    by 0x4BF0FB: ngx_http_free_request (ngx_http_request.c:3502)
==31904==    by 0x4BDC5F: ngx_http_set_keepalive (ngx_http_request.c:2904)
==31904==    by 0x4BD0F9: ngx_http_finalize_connection (ngx_http_request.c:2549)
==31904==    by 0x4BC694: ngx_http_finalize_request (ngx_http_request.c:2275)
==31904==    by 0x55017E: ngx_mrb_redirect (ngx_http_mruby_core.c:299)
==31904==    by 0x57D1E8: mrb_vm_exec (vm.c:1150)
==31904==    by 0x58290D: mrb_vm_run (vm.c:759)
==31904==    by 0x58290D: mrb_run (vm.c:2424)
==31904==    by 0x549730: ngx_mrb_run (ngx_http_mruby_module.c:781)
==31904==    by 0x54D211: ngx_http_mruby_rewrite_inline_handler (ngx_http_mruby_module.c:1995)
==31904==    by 0x4AC259: ngx_http_core_rewrite_phase (ngx_http_core_module.c:899)
==31904== 
==31904== Invalid read of size 1
==31904==    at 0x4BC6A5: ngx_http_finalize_request (ngx_http_request.c:2279)
==31904==    by 0x4AC2A8: ngx_http_core_rewrite_phase (ngx_http_core_module.c:912)
==31904==    by 0x4AC0B6: ngx_http_core_run_phases (ngx_http_core_module.c:845)
==31904==    by 0x4AC024: ngx_http_handler (ngx_http_core_module.c:828)
==31904==    by 0x4BBBEF: ngx_http_process_request (ngx_http_request.c:1914)
==31904==    by 0x4BA553: ngx_http_process_request_headers (ngx_http_request.c:1346)
==31904==    by 0x4B9936: ngx_http_process_request_line (ngx_http_request.c:1026)
==31904==    by 0x4B85A4: ngx_http_wait_request_handler (ngx_http_request.c:503)
==31904==    by 0x49BF3E: ngx_epoll_process_events (ngx_epoll_module.c:907)
==31904==    by 0x48AEE0: ngx_process_events_and_timers (ngx_event.c:242)
==31904==    by 0x4983EC: ngx_single_process_cycle (ngx_process_cycle.c:309)
==31904==    by 0x45757A: main (nginx.c:364)
==31904==  Address 0x7168429 is 1,209 bytes inside a block of size 4,096 free'd
==31904==    at 0x4C2AD17: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==31904==    by 0x45B354: ngx_destroy_pool (ngx_palloc.c:90)
==31904==    by 0x4BF0FB: ngx_http_free_request (ngx_http_request.c:3502)
==31904==    by 0x4BDC5F: ngx_http_set_keepalive (ngx_http_request.c:2904)
==31904==    by 0x4BD0F9: ngx_http_finalize_connection (ngx_http_request.c:2549)
==31904==    by 0x4BC694: ngx_http_finalize_request (ngx_http_request.c:2275)
==31904==    by 0x55017E: ngx_mrb_redirect (ngx_http_mruby_core.c:299)
==31904==    by 0x57D1E8: mrb_vm_exec (vm.c:1150)
==31904==    by 0x58290D: mrb_vm_run (vm.c:759)
==31904==    by 0x58290D: mrb_run (vm.c:2424)
==31904==    by 0x549730: ngx_mrb_run (ngx_http_mruby_module.c:781)
==31904==    by 0x54D211: ngx_http_mruby_rewrite_inline_handler (ngx_http_mruby_module.c:1995)
==31904==    by 0x4AC259: ngx_http_core_rewrite_phase (ngx_http_core_module.c:899)
==31904== 
==31904== Invalid read of size 8
==31904==    at 0x4BC6FE: ngx_http_finalize_request (ngx_http_request.c:2290)
==31904==    by 0x4AC2A8: ngx_http_core_rewrite_phase (ngx_http_core_module.c:912)
==31904==    by 0x4AC0B6: ngx_http_core_run_phases (ngx_http_core_module.c:845)
==31904==    by 0x4AC024: ngx_http_handler (ngx_http_core_module.c:828)
==31904==    by 0x4BBBEF: ngx_http_process_request (ngx_http_request.c:1914)
==31904==    by 0x4BA553: ngx_http_process_request_headers (ngx_http_request.c:1346)
==31904==    by 0x4B9936: ngx_http_process_request_line (ngx_http_request.c:1026)
==31904==    by 0x4B85A4: ngx_http_wait_request_handler (ngx_http_request.c:503)
==31904==    by 0x49BF3E: ngx_epoll_process_events (ngx_epoll_module.c:907)
==31904==    by 0x48AEE0: ngx_process_events_and_timers (ngx_event.c:242)
==31904==    by 0x4983EC: ngx_single_process_cycle (ngx_process_cycle.c:309)
==31904==    by 0x45757A: main (nginx.c:364)
==31904==  Address 0x7168378 is 1,032 bytes inside a block of size 4,096 free'd
==31904==    at 0x4C2AD17: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==31904==    by 0x45B354: ngx_destroy_pool (ngx_palloc.c:90)
==31904==    by 0x4BF0FB: ngx_http_free_request (ngx_http_request.c:3502)
==31904==    by 0x4BDC5F: ngx_http_set_keepalive (ngx_http_request.c:2904)
==31904==    by 0x4BD0F9: ngx_http_finalize_connection (ngx_http_request.c:2549)
==31904==    by 0x4BC694: ngx_http_finalize_request (ngx_http_request.c:2275)
==31904==    by 0x55017E: ngx_mrb_redirect (ngx_http_mruby_core.c:299)
==31904==    by 0x57D1E8: mrb_vm_exec (vm.c:1150)
==31904==    by 0x58290D: mrb_vm_run (vm.c:759)
==31904==    by 0x58290D: mrb_run (vm.c:2424)
==31904==    by 0x549730: ngx_mrb_run (ngx_http_mruby_module.c:781)
==31904==    by 0x54D211: ngx_http_mruby_rewrite_inline_handler (ngx_http_mruby_module.c:1995)
==31904==    by 0x4AC259: ngx_http_core_rewrite_phase (ngx_http_core_module.c:899)
==31904== 
==31904== Invalid read of size 8
==31904==    at 0x4BC8AF: ngx_http_finalize_request (ngx_http_request.c:2337)
==31904==    by 0x4AC2A8: ngx_http_core_rewrite_phase (ngx_http_core_module.c:912)
==31904==    by 0x4AC0B6: ngx_http_core_run_phases (ngx_http_core_module.c:845)
==31904==    by 0x4AC024: ngx_http_handler (ngx_http_core_module.c:828)
==31904==    by 0x4BBBEF: ngx_http_process_request (ngx_http_request.c:1914)
==31904==    by 0x4BA553: ngx_http_process_request_headers (ngx_http_request.c:1346)
==31904==    by 0x4B9936: ngx_http_process_request_line (ngx_http_request.c:1026)
==31904==    by 0x4B85A4: ngx_http_wait_request_handler (ngx_http_request.c:503)
==31904==    by 0x49BF3E: ngx_epoll_process_events (ngx_epoll_module.c:907)
==31904==    by 0x48AEE0: ngx_process_events_and_timers (ngx_event.c:242)
==31904==    by 0x4983EC: ngx_single_process_cycle (ngx_process_cycle.c:309)
==31904==    by 0x45757A: main (nginx.c:364)
==31904==  Address 0x7168378 is 1,032 bytes inside a block of size 4,096 free'd
==31904==    at 0x4C2AD17: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==31904==    by 0x45B354: ngx_destroy_pool (ngx_palloc.c:90)
==31904==    by 0x4BF0FB: ngx_http_free_request (ngx_http_request.c:3502)
==31904==    by 0x4BDC5F: ngx_http_set_keepalive (ngx_http_request.c:2904)
==31904==    by 0x4BD0F9: ngx_http_finalize_connection (ngx_http_request.c:2549)
==31904==    by 0x4BC694: ngx_http_finalize_request (ngx_http_request.c:2275)
==31904==    by 0x55017E: ngx_mrb_redirect (ngx_http_mruby_core.c:299)
==31904==    by 0x57D1E8: mrb_vm_exec (vm.c:1150)
==31904==    by 0x58290D: mrb_vm_run (vm.c:759)
==31904==    by 0x58290D: mrb_run (vm.c:2424)
==31904==    by 0x549730: ngx_mrb_run (ngx_http_mruby_module.c:781)
==31904==    by 0x54D211: ngx_http_mruby_rewrite_inline_handler (ngx_http_mruby_module.c:1995)
==31904==    by 0x4AC259: ngx_http_core_rewrite_phase (ngx_http_core_module.c:899)
==31904== 
==31904== Invalid read of size 1
==31904==    at 0x4BCB90: ngx_http_finalize_request (ngx_http_request.c:2404)
==31904==    by 0x4AC2A8: ngx_http_core_rewrite_phase (ngx_http_core_module.c:912)
==31904==    by 0x4AC0B6: ngx_http_core_run_phases (ngx_http_core_module.c:845)
==31904==    by 0x4AC024: ngx_http_handler (ngx_http_core_module.c:828)
==31904==    by 0x4BBBEF: ngx_http_process_request (ngx_http_request.c:1914)
==31904==    by 0x4BA553: ngx_http_process_request_headers (ngx_http_request.c:1346)
==31904==    by 0x4B9936: ngx_http_process_request_line (ngx_http_request.c:1026)
==31904==    by 0x4B85A4: ngx_http_wait_request_handler (ngx_http_request.c:503)
==31904==    by 0x49BF3E: ngx_epoll_process_events (ngx_epoll_module.c:907)
==31904==    by 0x48AEE0: ngx_process_events_and_timers (ngx_event.c:242)
==31904==    by 0x4983EC: ngx_single_process_cycle (ngx_process_cycle.c:309)
==31904==    by 0x45757A: main (nginx.c:364)
==31904==  Address 0x716842b is 1,211 bytes inside a block of size 4,096 free'd
==31904==    at 0x4C2AD17: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==31904==    by 0x45B354: ngx_destroy_pool (ngx_palloc.c:90)
==31904==    by 0x4BF0FB: ngx_http_free_request (ngx_http_request.c:3502)
==31904==    by 0x4BDC5F: ngx_http_set_keepalive (ngx_http_request.c:2904)
==31904==    by 0x4BD0F9: ngx_http_finalize_connection (ngx_http_request.c:2549)
==31904==    by 0x4BC694: ngx_http_finalize_request (ngx_http_request.c:2275)
==31904==    by 0x55017E: ngx_mrb_redirect (ngx_http_mruby_core.c:299)
==31904==    by 0x57D1E8: mrb_vm_exec (vm.c:1150)
==31904==    by 0x58290D: mrb_vm_run (vm.c:759)
==31904==    by 0x58290D: mrb_run (vm.c:2424)
==31904==    by 0x549730: ngx_mrb_run (ngx_http_mruby_module.c:781)
==31904==    by 0x54D211: ngx_http_mruby_rewrite_inline_handler (ngx_http_mruby_module.c:1995)
==31904==    by 0x4AC259: ngx_http_core_rewrite_phase (ngx_http_core_module.c:899)
==31904== 
==31904== Invalid read of size 8
==31904==    at 0x4BCBB1: ngx_http_finalize_request (ngx_http_request.c:2404)
==31904==    by 0x4AC2A8: ngx_http_core_rewrite_phase (ngx_http_core_module.c:912)
==31904==    by 0x4AC0B6: ngx_http_core_run_phases (ngx_http_core_module.c:845)
==31904==    by 0x4AC024: ngx_http_handler (ngx_http_core_module.c:828)
==31904==    by 0x4BBBEF: ngx_http_process_request (ngx_http_request.c:1914)
==31904==    by 0x4BA553: ngx_http_process_request_headers (ngx_http_request.c:1346)
==31904==    by 0x4B9936: ngx_http_process_request_line (ngx_http_request.c:1026)
==31904==    by 0x4B85A4: ngx_http_wait_request_handler (ngx_http_request.c:503)
==31904==    by 0x49BF3E: ngx_epoll_process_events (ngx_epoll_module.c:907)
==31904==    by 0x48AEE0: ngx_process_events_and_timers (ngx_event.c:242)
==31904==    by 0x4983EC: ngx_single_process_cycle (ngx_process_cycle.c:309)
==31904==    by 0x45757A: main (nginx.c:364)
==31904==  Address 0x7168388 is 1,048 bytes inside a block of size 4,096 free'd
==31904==    at 0x4C2AD17: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==31904==    by 0x45B354: ngx_destroy_pool (ngx_palloc.c:90)
==31904==    by 0x4BF0FB: ngx_http_free_request (ngx_http_request.c:3502)
==31904==    by 0x4BDC5F: ngx_http_set_keepalive (ngx_http_request.c:2904)
==31904==    by 0x4BD0F9: ngx_http_finalize_connection (ngx_http_request.c:2549)
==31904==    by 0x4BC694: ngx_http_finalize_request (ngx_http_request.c:2275)
==31904==    by 0x55017E: ngx_mrb_redirect (ngx_http_mruby_core.c:299)
==31904==    by 0x57D1E8: mrb_vm_exec (vm.c:1150)
==31904==    by 0x58290D: mrb_vm_run (vm.c:759)
==31904==    by 0x58290D: mrb_run (vm.c:2424)
==31904==    by 0x549730: ngx_mrb_run (ngx_http_mruby_module.c:781)
==31904==    by 0x54D211: ngx_http_mruby_rewrite_inline_handler (ngx_http_mruby_module.c:1995)
==31904==    by 0x4AC259: ngx_http_core_rewrite_phase (ngx_http_core_module.c:899)
==31904== 
==31904== Invalid read of size 1
==31904==    at 0x4BCBC1: ngx_http_finalize_request (ngx_http_request.c:2404)
==31904==    by 0x4AC2A8: ngx_http_core_rewrite_phase (ngx_http_core_module.c:912)
==31904==    by 0x4AC0B6: ngx_http_core_run_phases (ngx_http_core_module.c:845)
==31904==    by 0x4AC024: ngx_http_handler (ngx_http_core_module.c:828)
==31904==    by 0x4BBBEF: ngx_http_process_request (ngx_http_request.c:1914)
==31904==    by 0x4BA553: ngx_http_process_request_headers (ngx_http_request.c:1346)
==31904==    by 0x4B9936: ngx_http_process_request_line (ngx_http_request.c:1026)
==31904==    by 0x4B85A4: ngx_http_wait_request_handler (ngx_http_request.c:503)
==31904==    by 0x49BF3E: ngx_epoll_process_events (ngx_epoll_module.c:907)
==31904==    by 0x48AEE0: ngx_process_events_and_timers (ngx_event.c:242)
==31904==    by 0x4983EC: ngx_single_process_cycle (ngx_process_cycle.c:309)
==31904==    by 0x45757A: main (nginx.c:364)
==31904==  Address 0x7168423 is 1,203 bytes inside a block of size 4,096 free'd
==31904==    at 0x4C2AD17: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==31904==    by 0x45B354: ngx_destroy_pool (ngx_palloc.c:90)
==31904==    by 0x4BF0FB: ngx_http_free_request (ngx_http_request.c:3502)
==31904==    by 0x4BDC5F: ngx_http_set_keepalive (ngx_http_request.c:2904)
==31904==    by 0x4BD0F9: ngx_http_finalize_connection (ngx_http_request.c:2549)
==31904==    by 0x4BC694: ngx_http_finalize_request (ngx_http_request.c:2275)
==31904==    by 0x55017E: ngx_mrb_redirect (ngx_http_mruby_core.c:299)
==31904==    by 0x57D1E8: mrb_vm_exec (vm.c:1150)
==31904==    by 0x58290D: mrb_vm_run (vm.c:759)
==31904==    by 0x58290D: mrb_run (vm.c:2424)
==31904==    by 0x549730: ngx_mrb_run (ngx_http_mruby_module.c:781)
==31904==    by 0x54D211: ngx_http_mruby_rewrite_inline_handler (ngx_http_mruby_module.c:1995)
==31904==    by 0x4AC259: ngx_http_core_rewrite_phase (ngx_http_core_module.c:899)
==31904== 
==31904== Invalid read of size 8
==31904==    at 0x460C8B: ngx_vslprintf (ngx_string.c:237)
==31904==    by 0x459D7F: ngx_log_error_core (ngx_log.c:135)
==31904==    by 0x4BCC55: ngx_http_finalize_request (ngx_http_request.c:2414)
==31904==    by 0x4AC2A8: ngx_http_core_rewrite_phase (ngx_http_core_module.c:912)
==31904==    by 0x4AC0B6: ngx_http_core_run_phases (ngx_http_core_module.c:845)
==31904==    by 0x4AC024: ngx_http_handler (ngx_http_core_module.c:828)
==31904==    by 0x4BBBEF: ngx_http_process_request (ngx_http_request.c:1914)
==31904==    by 0x4BA553: ngx_http_process_request_headers (ngx_http_request.c:1346)
==31904==    by 0x4B9936: ngx_http_process_request_line (ngx_http_request.c:1026)
==31904==    by 0x4B85A4: ngx_http_wait_request_handler (ngx_http_request.c:503)
==31904==    by 0x49BF3E: ngx_epoll_process_events (ngx_epoll_module.c:907)
==31904==    by 0x48AEE0: ngx_process_events_and_timers (ngx_event.c:242)
==31904==  Address 0x7168310 is 928 bytes inside a block of size 4,096 free'd
==31904==    at 0x4C2AD17: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==31904==    by 0x45B354: ngx_destroy_pool (ngx_palloc.c:90)
==31904==    by 0x4BF0FB: ngx_http_free_request (ngx_http_request.c:3502)
==31904==    by 0x4BDC5F: ngx_http_set_keepalive (ngx_http_request.c:2904)
==31904==    by 0x4BD0F9: ngx_http_finalize_connection (ngx_http_request.c:2549)
==31904==    by 0x4BC694: ngx_http_finalize_request (ngx_http_request.c:2275)
==31904==    by 0x55017E: ngx_mrb_redirect (ngx_http_mruby_core.c:299)
==31904==    by 0x57D1E8: mrb_vm_exec (vm.c:1150)
==31904==    by 0x58290D: mrb_vm_run (vm.c:759)
==31904==    by 0x58290D: mrb_run (vm.c:2424)
==31904==    by 0x549730: ngx_mrb_run (ngx_http_mruby_module.c:781)
==31904==    by 0x54D211: ngx_http_mruby_rewrite_inline_handler (ngx_http_mruby_module.c:1995)
==31904==    by 0x4AC259: ngx_http_core_rewrite_phase (ngx_http_core_module.c:899)
==31904== 
==31904== Invalid read of size 8
==31904==    at 0x460C9D: ngx_vslprintf (ngx_string.c:238)
==31904==    by 0x459D7F: ngx_log_error_core (ngx_log.c:135)
==31904==    by 0x4BCC55: ngx_http_finalize_request (ngx_http_request.c:2414)
==31904==    by 0x4AC2A8: ngx_http_core_rewrite_phase (ngx_http_core_module.c:912)
==31904==    by 0x4AC0B6: ngx_http_core_run_phases (ngx_http_core_module.c:845)
==31904==    by 0x4AC024: ngx_http_handler (ngx_http_core_module.c:828)
==31904==    by 0x4BBBEF: ngx_http_process_request (ngx_http_request.c:1914)
==31904==    by 0x4BA553: ngx_http_process_request_headers (ngx_http_request.c:1346)
==31904==    by 0x4B9936: ngx_http_process_request_line (ngx_http_request.c:1026)
==31904==    by 0x4B85A4: ngx_http_wait_request_handler (ngx_http_request.c:503)
==31904==    by 0x49BF3E: ngx_epoll_process_events (ngx_epoll_module.c:907)
==31904==    by 0x48AEE0: ngx_process_events_and_timers (ngx_event.c:242)
==31904==  Address 0x7168318 is 936 bytes inside a block of size 4,096 free'd
==31904==    at 0x4C2AD17: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==31904==    by 0x45B354: ngx_destroy_pool (ngx_palloc.c:90)
==31904==    by 0x4BF0FB: ngx_http_free_request (ngx_http_request.c:3502)
==31904==    by 0x4BDC5F: ngx_http_set_keepalive (ngx_http_request.c:2904)
==31904==    by 0x4BD0F9: ngx_http_finalize_connection (ngx_http_request.c:2549)
==31904==    by 0x4BC694: ngx_http_finalize_request (ngx_http_request.c:2275)
==31904==    by 0x55017E: ngx_mrb_redirect (ngx_http_mruby_core.c:299)
==31904==    by 0x57D1E8: mrb_vm_exec (vm.c:1150)
==31904==    by 0x58290D: mrb_vm_run (vm.c:759)
==31904==    by 0x58290D: mrb_run (vm.c:2424)
==31904==    by 0x549730: ngx_mrb_run (ngx_http_mruby_module.c:781)
==31904==    by 0x54D211: ngx_http_mruby_rewrite_inline_handler (ngx_http_mruby_module.c:1995)
==31904==    by 0x4AC259: ngx_http_core_rewrite_phase (ngx_http_core_module.c:899)
==31904== 
==31904== Invalid read of size 1
==31904==    at 0x4C2E410: memcpy@@GLIBC_2.14 (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==31904==    by 0x460CB6: ngx_vslprintf (ngx_string.c:238)
==31904==    by 0x459D7F: ngx_log_error_core (ngx_log.c:135)
==31904==    by 0x4BCC55: ngx_http_finalize_request (ngx_http_request.c:2414)
==31904==    by 0x4AC2A8: ngx_http_core_rewrite_phase (ngx_http_core_module.c:912)
==31904==    by 0x4AC0B6: ngx_http_core_run_phases (ngx_http_core_module.c:845)
==31904==    by 0x4AC024: ngx_http_handler (ngx_http_core_module.c:828)
==31904==    by 0x4BBBEF: ngx_http_process_request (ngx_http_request.c:1914)
==31904==    by 0x4BA553: ngx_http_process_request_headers (ngx_http_request.c:1346)
==31904==    by 0x4B9936: ngx_http_process_request_line (ngx_http_request.c:1026)
==31904==    by 0x4B85A4: ngx_http_wait_request_handler (ngx_http_request.c:503)
==31904==    by 0x49BF3E: ngx_epoll_process_events (ngx_epoll_module.c:907)
==31904==  Address 0x71692f0 is 48 bytes inside a block of size 4,096 free'd
==31904==    at 0x4C2AD17: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==31904==    by 0x45B354: ngx_destroy_pool (ngx_palloc.c:90)
==31904==    by 0x4BF0FB: ngx_http_free_request (ngx_http_request.c:3502)
==31904==    by 0x4BDC5F: ngx_http_set_keepalive (ngx_http_request.c:2904)
==31904==    by 0x4BD0F9: ngx_http_finalize_connection (ngx_http_request.c:2549)
==31904==    by 0x4BC694: ngx_http_finalize_request (ngx_http_request.c:2275)
==31904==    by 0x55017E: ngx_mrb_redirect (ngx_http_mruby_core.c:299)
==31904==    by 0x57D1E8: mrb_vm_exec (vm.c:1150)
==31904==    by 0x58290D: mrb_vm_run (vm.c:759)
==31904==    by 0x58290D: mrb_run (vm.c:2424)
==31904==    by 0x549730: ngx_mrb_run (ngx_http_mruby_module.c:781)
==31904==    by 0x54D211: ngx_http_mruby_rewrite_inline_handler (ngx_http_mruby_module.c:1995)
==31904==    by 0x4AC259: ngx_http_core_rewrite_phase (ngx_http_core_module.c:899)
==31904== 
==31904== Invalid read of size 1
==31904==    at 0x4C2E41E: memcpy@@GLIBC_2.14 (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==31904==    by 0x460CB6: ngx_vslprintf (ngx_string.c:238)
==31904==    by 0x459D7F: ngx_log_error_core (ngx_log.c:135)
==31904==    by 0x4BCC55: ngx_http_finalize_request (ngx_http_request.c:2414)
==31904==    by 0x4AC2A8: ngx_http_core_rewrite_phase (ngx_http_core_module.c:912)
==31904==    by 0x4AC0B6: ngx_http_core_run_phases (ngx_http_core_module.c:845)
==31904==    by 0x4AC024: ngx_http_handler (ngx_http_core_module.c:828)
==31904==    by 0x4BBBEF: ngx_http_process_request (ngx_http_request.c:1914)
==31904==    by 0x4BA553: ngx_http_process_request_headers (ngx_http_request.c:1346)
==31904==    by 0x4B9936: ngx_http_process_request_line (ngx_http_request.c:1026)
==31904==    by 0x4B85A4: ngx_http_wait_request_handler (ngx_http_request.c:503)
==31904==    by 0x49BF3E: ngx_epoll_process_events (ngx_epoll_module.c:907)
==31904==  Address 0x71692f2 is 50 bytes inside a block of size 4,096 free'd
==31904==    at 0x4C2AD17: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==31904==    by 0x45B354: ngx_destroy_pool (ngx_palloc.c:90)
==31904==    by 0x4BF0FB: ngx_http_free_request (ngx_http_request.c:3502)
==31904==    by 0x4BDC5F: ngx_http_set_keepalive (ngx_http_request.c:2904)
==31904==    by 0x4BD0F9: ngx_http_finalize_connection (ngx_http_request.c:2549)
==31904==    by 0x4BC694: ngx_http_finalize_request (ngx_http_request.c:2275)
==31904==    by 0x55017E: ngx_mrb_redirect (ngx_http_mruby_core.c:299)
==31904==    by 0x57D1E8: mrb_vm_exec (vm.c:1150)
==31904==    by 0x58290D: mrb_vm_run (vm.c:759)
==31904==    by 0x58290D: mrb_run (vm.c:2424)
==31904==    by 0x549730: ngx_mrb_run (ngx_http_mruby_module.c:781)
==31904==    by 0x54D211: ngx_http_mruby_rewrite_inline_handler (ngx_http_mruby_module.c:1995)
==31904==    by 0x4AC259: ngx_http_core_rewrite_phase (ngx_http_core_module.c:899)
@yyamano
Copy link
Collaborator Author

yyamano commented Dec 12, 2016

After looking at the code, I'm not so sure if we can avoid reading freed memory in ngx_mrb_run().

from https://github.com/matsumotory/ngx_mruby/blob/master/src/http/ngx_http_mruby_module.c#L820

  if (ngx_http_get_module_ctx(r, ngx_http_mruby_module) != NULL) {

from ngx_http.h

75 #define ngx_http_get_module_ctx(r, module)  (r)->ctx[module.ctx_index]

from ngx_http_request.c

   3494     /*
   3495      * Setting r->pool to NULL will increase probability to catch double close
   3496      * of request since the request object is allocated from its own pool.
   3497      */
   3498
   3499     pool = r->pool;                                                                                                       
   3500     r->pool = NULL;                                                                                                       
   3501
   3502     ngx_destroy_pool(pool);                                                                                               
   3503 }

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@yyamano