Core: fixed potential buffer overrun when initializing hash.

Initial size as calculated from the number of elements may be bigger
than max_size.  If this happens, make sure to set size to max_size.

Reported by Chris West.

diff --git a/src/core/ngx_hash.c b/src/core/ngx_hash.c
index 65ad83947964be426de7a16a8d0c0c9d460624de..e707c09984218716c23fabfa5183df4bec934938 100644 (file)
--- a/src/core/ngx_hash.c
+++ b/src/core/ngx_hash.c
@@ -312,7 +312,7 @@ ngx_hash_init(ngx_hash_init_t *hinit, ngx_hash_key_t *names, ngx_uint_t nelts)
         continue;
     }
 
-    size--;
+    size = hinit->max_size;
 
     ngx_log_error(NGX_LOG_WARN, hinit->pool->log, 0,
                   "could not build optimal %s, you should increase "