Incident report on memory leak caused by Cloudflare parser bug -http://buff.ly/2lB3gCe
-
-
Replying to @Cloudflare
Incorrect statement from
@Cloudflare. Creating and comparing invalid pointer in C is undefined behavior. Post-hoc >= check doesn't cut it.pic.twitter.com/FdiVhvbSBF
6 replies 29 retweets 79 likes -
Replying to @__agwa @Cloudflare
Both pointers were valid and pointer to data in Nginx buffer (which is why bug happened in the first place).
1 reply 0 retweets 5 likes -
Replying to @RReverser @Cloudflare
Blog says repeatedly "past the end of the buffer." Is that not accurate?
1 reply 0 retweets 0 likes -
Replying to @__agwa @Cloudflare
As it shows, Nginx indicates end of the buffer with ->last, which indicates end of data buffer.
1 reply 0 retweets 0 likes -
But Nginx uses a memory pool, which means that actual memory block behind the buffer can be bigger.
2 replies 0 retweets 1 like -
Also, as far as I remember, that undefined behavior applies only to array elements, not to "raw" pointers.
1 reply 0 retweets 0 likes -
Replying to @RReverser @Cloudflare
Dunno what you mean by "raw" pointer. 6.5.6 of C standard only defines pointer arithmetic for pointers into arrays.
2 replies 0 retweets 2 likes -
Even if nginx uses a memory pool, how can you guarantee p never goes past what C considers to be the array object?
1 reply 0 retweets 3 likes
Fact that nginx crashed sometimes suggests that you can't.
-
-
Replying to @__agwa
Correct. C has no built in concept of array size or the "end" of an array.
@RReverser@Cloudflare0 replies 0 retweets 0 likesThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.