Segfault with upload-progress and upload-module

Hello,

If I submit a form, but keep the “” field empty (not browsing for a
file),
nginx worker segfaults.

Here is the backtrace:

Core was generated by `nginx: worker process
'.
Program terminated with signal 11, Segmentation fault.

#0 0x0808f1ef in ngx_http_do_read_upload_client_request_body
(r=0x82e7838) at
…/nginx_upload_module-2.0.10//ngx_http_upload_module.c:1944
1944 if (rb->buf->last == rb->buf->end) {
(gdb) bt full
#0 0x0808f1ef in ngx_http_do_read_upload_client_request_body
(r=0x82e7838) at
…/nginx_upload_module-2.0.10//ngx_http_upload_module.c:1944
size =
n = 0
limit =
c = (ngx_connection_t *) 0xb655928c
rb = (ngx_http_request_body_t *) 0x8376ba0
u = (ngx_http_upload_ctx_t *) 0x8376858
rc =
delay =
#1 0x0808fc65 in ngx_http_upload_handler (r=0x82e7838) at
…/nginx_upload_module-2.0.10//ngx_http_upload_module.c:1809
ulcf = (ngx_http_upload_loc_conf_t *) 0x82d8554
u =
rc =
#2 0x080900b8 in ngx_http_uploadprogress_content_handler (r=0x82e7838)
at …/nginx-upload-progress-module//ngx_http_uploadprogress_module.c:272
rc =
ctx = (ngx_http_uploadprogress_module_ctx_t *) 0x0
#3 0x0806d7c6 in ngx_http_core_content_phase (r=0x82e7838,
ph=0x82dd984) at src/http/ngx_http_core_module.c:1246
root = 137263160
rc =
path = {len = 0, data = 0x82e7838
“HTTP\214\222U��d7\b\f\231,\b\234D-\b�\202-\b��\b\b��\006\b”}
#4 0x0806a365 in ngx_http_core_run_phases (r=0x82e7838) at
src/http/ngx_http_core_module.c:788
rc =
ph = (ngx_http_phase_handler_t *) 0x82dd918
#5 0x0806a48e in ngx_http_handler (r=0xb655928c) at
src/http/ngx_http_core_module.c:771
No locals.
#6 0x080734c1 in ngx_http_process_request (r=0x82e7838) at
src/http/ngx_http_request.c:1569
c = (ngx_connection_t *) 0xb655928c
#7 0x08073b27 in ngx_http_process_request_headers (rev=0xb6219174) at
src/http/ngx_http_request.c:1032
len =
n = 7
rc = 1
rv =
h = (ngx_table_elt_t *) 0x83766b8
c = (ngx_connection_t *) 0xb655928c
hh =
r = (ngx_http_request_t *) 0x82e7838
cscf = (ngx_http_core_srv_conf_t *) 0x82d453c
#8 0x08066f1f in ngx_epoll_process_events (cycle=0x82c8f98, timer=500,
flags=) at src/event/modules/ngx_epoll_module.c:518
events = 1
revents = 5
i = 0
level =
err =
—Type to continue, or q to quit—
log = (ngx_log_t *) 0x82c8fa4
rev = (ngx_event_t *) 0xb6219174
wev =
queue =
c = (ngx_connection_t *) 0xb655928c
#9 0x0805e3e2 in ngx_process_events_and_timers (cycle=0x82c8f98) at
src/event/ngx_event.c:245
flags = 1
timer = 500
delta = 3631838108
#10 0x080655e4 in ngx_worker_process_cycle (cycle=0x82c8f98, data=0x0)
at src/os/unix/ngx_process_cycle.c:778
i = 0
c =
#11 0x08063bf5 in ngx_spawn_process (cycle=0x82c8f98, proc=0x806550b ,
data=0x0, name=0x80966d5 “worker process”, respawn=0)
at src/os/unix/ngx_process.c:194
on = 1
pid = 0
s = 0
#12 0x08065f65 in ngx_master_process_cycle (cycle=0x82c8f98) at
src/os/unix/ngx_process_cycle.c:580
title =
p =
size = 67
i = 3
n =
set = {__val = {0 }}
itv = {it_interval = {tv_sec = 134627285, tv_usec = 9}, it_value
= {tv_sec = 1, tv_usec = -1693894656}}
live = 0
delay = 0
ccf = (ngx_core_conf_t *) 0x82c9730
#13 0x0804b7bc in main (argc=3, argv=0xbfe7a404) at src/core/nginx.c:382
i =
log = (ngx_log_t *) 0x80a3350
cycle = (ngx_cycle_t *) 0x82c8f98
init_cycle = {conf_ctx = 0x0, pool = 0x82c8548, log = 0x80a3350,
new_log = {log_level = 0, file = 0x0, connection = 0, handler = 0, data
= 0x0, action = 0x0},
files = 0x0, free_connections = 0x0, free_connection_n = 0, listening
= {elts = 0x0, nelts = 0, size = 0, nalloc = 0, pool = 0x0}, pathes =
{elts = 0x0, nelts = 0,
size = 0, nalloc = 0, pool = 0x0}, open_files = {last = 0x0, part =
{elts = 0x0, nelts = 0, next = 0x0}, size = 0, nalloc = 0, pool = 0x0},
shared_memory = {
last = 0x0, part = {elts = 0x0, nelts = 0, next = 0x0}, size = 0,
nalloc = 0, pool = 0x0}, connection_n = 0, files_n = 0, connections =
0x0, read_events = 0x0,
write_events = 0x0, old_cycle = 0x0, conf_file = {len = 20, data =
0xbfe7a9b6 “”}, conf_param = {len = 0, data = 0x0}, conf_prefix = {len =
10,
data = 0xbfe7a9b6 “”}, prefix = {len = 17, data = 0x8092ad7
“/usr/local/nginx/”}, lock_file = {len = 0, data = 0x0}, hostname = {len
= 0, data = 0x0}}
ccf = (ngx_core_conf_t *) 0x82c9730
(gdb) Quit

Thank you very much
Markus

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,21412,21412#msg-21412

Wrong, this happened, if the POST data does not contain a at all.

Thanks
Marcus

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,21412,21418#msg-21418