[PATCH 0 of 2] [patch] some issues found by gcc undef sanitizer

Vladimir Homutov vl at inspert.ru
Fri Nov 10 09:11:53 UTC 2023

> As already noted off-list, this is certainly not the only field
> which might be not yet set when
> ngx_http_alloc_large_header_buffer() is called.  From the patch
> context as shown, at least r->method_end and r->uri_start might
> not be set as well, leading to similar overflows.  And certainly
> there are other fields as well.

Agreed, there is a clear pattern in this case.
I have updated the patch to test other cases as well.

Also, I've created a separate patch to remove r->port_start,
which is actually unused and looks like remnant of old refactoring.

More information about the nginx-devel mailing list