Core: protection from subrequest loops.

Without the protection, subrequest loop results in r->count overflow and
SIGSEGV.  Protection was broken in 0.7.25.

Note that this also limits number of parallel subrequests.  This
wasn't exactly the case before 0.7.25 as local subrequests were
completed directly.

See here for details:
http://nginx.org/pipermail/nginx-ru/2010-February/032184.html

diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c
index 251f932fdaf47b69b73a23204919c65ca11eaf0c..24102e492b8cc816e0bed82fdaa0d5f1013928b2 100644 (file)
--- a/src/http/ngx_http_core_module.c
+++ b/src/http/ngx_http_core_module.c
@@ -2453,7 +2453,6 @@ ngx_http_subrequest(ngx_http_request_t *r,
     sr->start_sec = tp->sec;
     sr->start_msec = tp->msec;
 
-    r->main->subrequests++;
     r->main->count++;
 
     *psr = sr;

diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index 2b3f0065bd1d14032cd1aec50b49da66ba2d69f7..c35d550a26239cf908d3d615febc5d9ec42d4ab8 100644 (file)
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -2010,6 +2010,7 @@ ngx_http_finalize_request(ngx_http_request_t *r, ngx_int_t rc)
         if (r == c->data) {
 
             r->main->count--;
+            r->main->subrequests++;
 
             if (!r->logged) {