fix bug of fmt overflow
wy7980
wy7980 at gmail.com
Sat Nov 10 12:16:35 UTC 2018
# HG changeset patch
# User wy7980 <wy7980 at gmail.com>
# Date 1541824641 -28800
# Sat Nov 10 12:37:21 2018 +0800
# Node ID e93ac0fd29c1f49e7dd49ff5e1efd58c009d359a
# Parent a2506436986ae9cf941fd9477aa77e28f501e11d
fix bug of fmt overflow
diff -r a2506436986a -r e93ac0fd29c1 src/core/ngx_string.c
--- a/src/core/ngx_string.c Tue Nov 06 16:32:09 2018 +0300
+++ b/src/core/ngx_string.c Sat Nov 10 12:37:21 2018 +0800
@@ -172,8 +172,9 @@
ngx_uint_t width, sign, hex, max_width, frac_width, scale,
n;
ngx_str_t *v;
ngx_variable_value_t *vv;
-
- while (*fmt && buf < last) {
+ char *fmt_last = (char *)fmt + strlen(fmt);
+
+ while (*fmt && buf < last && fmt < fmt_last) {
/*
* "buf < last" means that we could copy at least one character:
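Review bot: In the new loop condition `*fmt` is still evaluated before `fmt < fmt_last`, so if the body ever advances `fmt` past the terminator, the out-of-bounds read happens before the bound is consulted. While `fmt` stays inside the string the bound is also redundant, because `strlen()` stops at the same NUL that `*fmt` tests. Put the pointer comparison first, `while (fmt < fmt_last && *fmt && buf < last) {`, and declare the bound as `const char *fmt_last = fmt + ngx_strlen(fmt);` so that no qualifier is cast away. The loop body lies outside this hunk, so the place where `fmt` is over-advanced (presumably a format string ending in an incomplete `%` conversion) cannot be confirmed from here. A check at that point, plus a short comment on `fmt_last` explaining which input it guards against, would make the fix reviewable.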