fix bug of fmt overflow
Valentin V. Bartenev
vbart at nginx.com
Sat Nov 10 12:29:41 UTC 2018
On Saturday, 10 November 2018 15:16:35 MSK wy7980 wrote:
> # HG changeset patch
> # User wy7980 <wy7980 at gmail.com>
> # Date 1541824641 -28800
> # Sat Nov 10 12:37:21 2018 +0800
> # Node ID e93ac0fd29c1f49e7dd49ff5e1efd58c009d359a
> # Parent a2506436986ae9cf941fd9477aa77e28f501e11d
>
> fix bug of fmt overflow
>
> diff -r a2506436986a -r e93ac0fd29c1 src/core/ngx_string.c
> --- a/src/core/ngx_string.c Tue Nov 06 16:32:09 2018 +0300
> +++ b/src/core/ngx_string.c Sat Nov 10 12:37:21 2018 +0800
> @@ -172,8 +172,9 @@
> ngx_uint_t width, sign, hex, max_width, frac_width, scale,
> n;
> ngx_str_t *v;
> ngx_variable_value_t *vv;
> -
> - while (*fmt && buf < last) {
> + char *fmt_last = (char *)fmt + strlen(fmt);
> +
> + while (*fmt && buf < last && fmt < fmt_last) {
>
> /*
> * "buf < last" means that we could copy at least one character:
>
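Review bot: In the new loop condition, `fmt < fmt_last` is evaluated after `*fmt`, so it cannot stop a read past the end of the format string. `fmt_last` is `fmt + strlen(fmt)`, the position of the terminating NUL: while `fmt` is below it `*fmt` is non-zero anyway, at it `*fmt` is already zero, and if the loop body has advanced `fmt` beyond it the dereference happens before the comparison. If the intent is to stop once the body has stepped over the terminator, the bound has to come first, as in `while (fmt < fmt_last && *fmt && buf < last)`, and the commit message should name the format string that triggers the problem. The added `strlen()` also scans the whole format on every call, and the `(char *)` cast can be dropped by declaring `fmt_last` with the same type as `fmt`.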
Could you clarify what bug you are trying to fix?
There should be no overflows unless you specified an incorrect format string.
wbr, Valentin V. Bartenev