[PATCH 1 of 2] HTTP: uniform overflow checks in ngx_http_alloc_large_header_buffer

Vladimir Homutov vl at inspert.ru
Fri Nov 10 09:11:54 UTC 2023

If URI is not fully parsed yet, some pointers are not set.
As a result, the calculation of "new + (ptr - old)" expression
may overflow. In such a case, just avoid calculating it, as value
will be set correctly later by the parser in any case.

The issue was found by GCC undefined behaviour sanitizer.

 src/http/ngx_http_request.c |  34 ++++++++++++++++++++++++++--------
 1 files changed, 26 insertions(+), 8 deletions(-)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: nginx-1.patch
Type: text/x-patch
Size: 2277 bytes
Desc: not available
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20231110/f176fd33/attachment.bin>

More information about the nginx-devel mailing list