[njs] Fixed integer overflow in njs_typed_array_constructor().

Dmitry Volyntsev xeioex at nginx.com
Thu Jan 9 12:55:26 UTC 2020


details:   https://hg.nginx.org/njs/rev/aa9a42bfc727
branches:  
changeset: 1296:aa9a42bfc727
user:      Dmitry Volyntsev <xeioex at nginx.com>
date:      Thu Jan 09 15:54:52 2020 +0300
description:
Fixed integer overflow in njs_typed_array_constructor().

Found by Coverity (CID 1457371).

diffstat:

 src/njs_typed_array.c |  2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diffs (12 lines):

diff -r 4e3c2f9e4eee -r aa9a42bfc727 src/njs_typed_array.c
--- a/src/njs_typed_array.c	Thu Jan 09 15:54:16 2020 +0300
+++ b/src/njs_typed_array.c	Thu Jan 09 15:54:52 2020 +0300
@@ -85,7 +85,7 @@ njs_typed_array_constructor(njs_vm_t *vm
 
     } else if (njs_is_typed_array(value)) {
         src_tarray = njs_typed_array(value);
-        size = njs_typed_array_length(src_tarray) * element_size;
+        size = (uint64_t) njs_typed_array_length(src_tarray) * element_size;
 
     } else if (njs_is_object(value)) {
         if (njs_is_array(value) && njs_object_hash_is_empty(value)) {


More information about the nginx-devel mailing list