Incident report on memory leak caused by Cloudflare parser bug -http://buff.ly/2lB3gCe
-
-
Both pointers were valid and pointer to data in Nginx buffer (which is why bug happened in the first place).
-
Blog says repeatedly "past the end of the buffer." Is that not accurate?
-
As it shows, Nginx indicates end of the buffer with ->last, which indicates end of data buffer.
-
But Nginx uses a memory pool, which means that actual memory block behind the buffer can be bigger.
-
Also, as far as I remember, that undefined behavior applies only to array elements, not to "raw" pointers.
-
Dunno what you mean by "raw" pointer. 6.5.6 of C standard only defines pointer arithmetic for pointers into arrays.
-
Even if nginx uses a memory pool, how can you guarantee p never goes past what C considers to be the array object?
-
Fact that nginx crashed sometimes suggests that you can't.
- 1 more reply
New conversation -
-
-
A pointer one past the end is valid and the blog post suggest that this is what is being used here?
-
No. pe is one past end, so == suffices. p went beyond even that.
-
Ah good point, thanks.
End of conversation
New conversation -
-
-
Depends on the exact circumstances. If `++p` went _exactly_ one element past the buffer, then IT IS valid and defined.
-
Yes, one past end is valid and would have been caught by p == pe. In this case, pointer went beyond that.
-
that's why amended my tweet with the suggestion to always use index iterators for checks way beyond the end of a buffer.
End of conversation
New conversation -
-
-
That's why in general in C one doesn't use pointers for buffer bounds checks. Use index variables and check those.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Not by the standard, but most likely by implementation. This time. Unless overflow.
- 2 more replies
New conversation -
-
-
thanks for pointing this out. I noticed that too.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.