[nginx] svn commit: r4577 - in trunk/src: core event

mdounin at mdounin.ru mdounin at mdounin.ru
Fri Apr 6 23:46:09 UTC 2012 

Author: mdounin
Date: 2012-04-06 23:46:09 +0000 (Fri, 06 Apr 2012)
New Revision: 4577
URL: http://trac.nginx.org/nginx/changeset/4577/nginx

Log:
Fixed signed integer overflows in timer code (ticket #145).

Integer overflow is undefined behaviour in C and this indeed caused
problems on Solaris/SPARC (at least in some cases).  Fix is to
subtract unsigned integers instead, and then cast result to a signed
one, which is implementation-defined behaviour and used to work.

Strictly speaking, we should compare (unsigned) result with the maximum
value of the corresponding signed integer type instead, this will be
defined behaviour.  This will require much more changes though, and
considered to be overkill for now.


Modified:
   trunk/src/core/ngx_rbtree.c
   trunk/src/event/ngx_event_timer.c

Modified: trunk/src/core/ngx_rbtree.c
===================================================================
--- trunk/src/core/ngx_rbtree.c	2012-04-05 19:49:34 UTC (rev 4576)
+++ trunk/src/core/ngx_rbtree.c	2012-04-06 23:46:09 UTC (rev 4577)
@@ -136,8 +136,7 @@
 
         /*  node->key < temp->key */
 
-        p = ((ngx_rbtree_key_int_t) node->key - (ngx_rbtree_key_int_t) temp->key
-              < 0)
+        p = ((ngx_rbtree_key_int_t) (node->key - temp->key) < 0)
             ? &temp->left : &temp->right;
 
         if (*p == sentinel) {

Modified: trunk/src/event/ngx_event_timer.c
===================================================================
--- trunk/src/event/ngx_event_timer.c	2012-04-05 19:49:34 UTC (rev 4576)
+++ trunk/src/event/ngx_event_timer.c	2012-04-06 23:46:09 UTC (rev 4577)
@@ -67,7 +67,7 @@
 
     ngx_mutex_unlock(ngx_event_timer_mutex);
 
-    timer = (ngx_msec_int_t) node->key - (ngx_msec_int_t) ngx_current_msec;
+    timer = (ngx_msec_int_t) (node->key - ngx_current_msec);
 
     return (ngx_msec_t) (timer > 0 ? timer : 0);
 }
@@ -95,8 +95,7 @@
 
         /* node->key <= ngx_current_time */
 
-        if ((ngx_msec_int_t) node->key - (ngx_msec_int_t) ngx_current_msec <= 0)
-        {
+        if ((ngx_msec_int_t) (node->key - ngx_current_msec) <= 0) {
             ev = (ngx_event_t *) ((char *) node - offsetof(ngx_event_t, timer));
 
 #if (NGX_THREADS)

More information about the nginx-devel mailing list