[njs] Fixed one byte overread in njs_string_to_c_string().
Valentin Bartenev
vbart at nginx.com
Thu Jul 25 17:42:13 UTC 2019
details: https://hg.nginx.org/njs/rev/644af379d226
branches:
changeset: 1068:644af379d226
user: Valentin Bartenev <vbart at nginx.com>
date: Thu Jul 25 20:17:42 2019 +0300
description:
Fixed one byte overread in njs_string_to_c_string().
Short strings are packed quite tightly in njs_value_t, so there is
no extra byte to test.

    struct {
        njs_value_type_t  type:8;
        uint8_t           size:4;
        uint8_t           length:4;
        u_char            start[14];
    } short_string;

With a 14-byte string this occupies 16 bytes, which is equal
to sizeof(njs_value_t).
diffstat:
njs/njs_string.c | 5 +----
1 files changed, 1 insertions(+), 4 deletions(-)
diffs (15 lines):
diff -r 427edfbe6762 -r 644af379d226 njs/njs_string.c
--- a/njs/njs_string.c Tue Jul 23 19:42:25 2019 +0300
+++ b/njs/njs_string.c Thu Jul 25 20:17:42 2019 +0300
@@ -3906,10 +3906,7 @@ njs_string_to_c_string(njs_vm_t *vm, njs
start = value->short_string.start;
size = value->short_string.size;
- if (start[size] == '\0') {
- return start;
-
- } else if (size < NJS_STRING_SHORT) {
+ if (size < NJS_STRING_SHORT) {
start[size] = '\0';
return start;
}
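Review bot: the remaining `size < NJS_STRING_SHORT` branch now writes `start[size] = '\0'` on every call, even when the terminator is already in place, so a short comment above the check would help: it should say that index `size` is only inside `start[]` while `size` is below the array length, and that this function modifies the value's own storage. The removed `start[size] == '\0'` test ran before any bound check, which matches the one-byte read past the 14-byte array that the description explains (assuming NJS_STRING_SHORT is the length of `start[]`, which this hunk does not show). The case where `size` equals NJS_STRING_SHORT now falls through to code outside the hunk, so please confirm that path copies the string into a larger buffer before terminating it.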