Fixed segfault if regex studies list allocation fails.

mdounin · mdounin · commit 25c546ac37ba · 2023-04-18T06:28:46.000+03:00
The rcf-&gt;studies list is unconditionally accessed by ngx_regex_cleanup(),
and this used to cause NULL pointer dereference if allocation
failed.  Fix is to set cleanup handler only when allocation succeeds.
diff --git a/src/core/ngx_regex.c b/src/core/ngx_regex.c
@@ -732,14 +732,14 @@ ngx_regex_create_conf(ngx_cycle_t *cycle)
         return NULL;
     }
 
-    cln->handler = ngx_regex_cleanup;
-    cln->data = rcf;
-
     rcf->studies = ngx_list_create(cycle->pool, 8, sizeof(ngx_regex_elt_t));
     if (rcf->studies == NULL) {
         return NULL;
     }
 
+    cln->handler = ngx_regex_cleanup;
+    cln->data = rcf;
+
     ngx_regex_studies = rcf->studies;
 
     return rcf;
