In the same issue that you have linked, there is a comment pointing to the "nginx_refactoring" branch where you can find this fix and others.
The branch still in development/test as more minor issues should be fixed before merge it to our mainline.
Felipe "Zimmerle" Costa
Security Researcher, SpiderLabs
Trustwave | SMART SECURITY ON DEMAND
I'm testing ModSec 2.7.5 and 2.8.0 with NGINX and find a problem when SecResponseBodyAccess is turned on.
The error is produced by a dangling pointer in move_brigade_to_chain() (apr_bucket_nginx.c). It has already been reported in March (https://github.com/SpiderLabs/ModSecurity/issues/681
There are two ngx_alloc_chain_link() in the function, the second is correct, but the first one does not initialize 'cl->next' before copying it to the last link (ll). It is enough to add :
cl->next = NULL;
just after cl->buf->last_buf = 1.
This causes crazy behavior as infinite allocation loops and seg-faults.
This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information
contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.