[PATCH] Fixing memory overflow issues in ngx_resolver's debug logging code
Maxim Dounin
mdounin at mdounin.ru
Fri Jun 1 16:27:55 UTC 2012
Hello!
On Fri, Jun 01, 2012 at 06:59:44PM +0400, Ruslan Ermilov wrote:
> > Basically, when calling ngx_log_debug6 from within
> > ngx_resolver_process_response, the "%ui" formatter is incorrectly used
> > for int-typed values "(query->nns_hi << 8) + query->nns_lo" and
> > "(query->nar_hi << 8) + query->nar_lo".
> >
> > Below attaches a patch for nginx 1.3.0 :)
> >
> > Hope this helps,
> > -agentzh
> >
> > --- nginx-1.3.0/src/core/ngx_resolver.c 2012-05-14 17:13:45.000000000 +0800
> > +++ nginx-1.3.0-patched/src/core/ngx_resolver.c 2012-06-01
> > 18:08:06.512047421 +0800
> > @@ -1035,7 +1035,7 @@
> > nan = (query->nan_hi << 8) + query->nan_lo;
> >
> > ngx_log_debug6(NGX_LOG_DEBUG_CORE, r->log, 0,
> > - "resolver DNS response %ui fl:%04Xui %ui/%ui/%ui/%ui",
> > + "resolver DNS response %ui fl:%04Xui %ui/%ui/%ud/%ud",
> > ident, flags, nqs, nan,
> > (query->nns_hi << 8) + query->nns_lo,
> > (query->nar_hi << 8) + query->nar_lo);
>
> I think a better approach would be to cast the last two expressions
> to ngx_uint_t, like is done for other expressions (via assignments):
I don't really see a reason for explicit cast, using correct
format is enough. It's highly unlikely we'll ever use nns/nar, so
the probability that they'll become variables and %ui format will
be appropriate is negligible.
Maxim Dounin
More information about the nginx-devel
mailing list