[PATCH 2 of 2] HTTP: suppressed possible overflow in interim r->uri_end calculation

Vladimir Homutov vl at inspert.ru
Fri Oct 27 11:58:45 UTC 2023

If URI is not fully parsed yet, the r->uri_end pointer is NULL.
As a result, calculation of "new + (r->uri_end - old)" expression
may overflow.  In such case, just avoid calculating it, as r->uri_end
will be set correctly later by the parser in any case.

The issue was found by GCC undefined behaviour sanitizer.

 src/http/ngx_http_request.c |  4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: nginx-2.patch
Type: text/x-patch
Size: 1155 bytes
Desc: not available
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20231027/42dd50e7/attachment-0001.bin>

More information about the nginx-devel mailing list