--- nginx-0.8.35/src/core/ngx_palloc.c 2009-12-17
04:25:46.000000000 -0800<br>+++ nginx-0.8.35.fixed/src/core/ngx_palloc.c 2010-04-18
19:28:43.680353209 -0700<br>@@ -105,9 +105,10 @@<br> }<br> <br> pool->large = NULL;<br>
+ pool->d.last = (u_char *) pool + sizeof(ngx_pool_t);<br> <br>-
for (p = pool; p; p = p->d.next) {<br>- p->d.last =
(u_char *) p + sizeof(ngx_pool_t);<br>+ for (p = pool->d.next; p; p
= p->d.next) {<br>
+ p->d.last = (u_char *) p + sizeof(ngx_pool_data_t);<br> }<br> }<br><br>This
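Review bot: The new reset still leaves the rest of the per-block bookkeeping stale: only `d.last` is rewritten in the loop, so if this version's `ngx_pool_data_t` carries the `failed` counter and `ngx_pool_t` the `current` pointer that `ngx_palloc` starts its search from (both present in nginx of this era, but not visible in the hunk), allocations after `ngx_reset_pool` would still begin at a later block and skip the leading ones, which defeats the purpose of the patch. I would add `p->d.failed = 0;` in the loop body, reset the first block's counter the same way, and put `pool->current = pool;` after the loop. Separately, the new `sizeof(ngx_pool_data_t)` line should set `d.last` the same way `ngx_palloc_block` does when it first initialises a block (including any `ngx_align_ptr` it applies), otherwise the two paths disagree on the first usable byte; since `ngx_palloc` re-aligns `d.last` before handing memory out this is a consistency point rather than a safety issue. `ngx_reset_pool`'s declaration and the large-allocation free loop that the first context `}` closes lie outside the hunk.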
is my first time reporting a bug, so please read this report
carefully.<br><br>Only the first pool
in the linked list is a full ngx_pool_t; every subsequent block only uses the ngx_pool_data_t header, so its usable memory starts at a smaller offset.<br>
The problem is that when the pools are reset through ngx_reset_pool, every
block's d.last is set to p + sizeof(ngx_pool_t), so on each block after the first<br>the
bytes between sizeof(ngx_pool_data_t) and sizeof(ngx_pool_t) are left unused by all further allocations.<br><br>The function
should reset d.last of the first pool to pool + sizeof(ngx_pool_t)
and that of each subsequent block p to p + sizeof(ngx_pool_data_t).<br>
<br>Best regards, Fredrik Yhlen<br>