[PATCH 2 of 2] HTTP: suppressed possible overflow in interim r->uri_end calculation

Vladimir Homutov vl at inspert.ru
Fri Oct 27 11:58:45 UTC 2023


If URI is not fully parsed yet, the r->uri_end pointer is NULL.
As a result, calculation of "new + (r->uri_end - old)" expression
may overflow.  In such a case, just avoid calculating it, as r->uri_end
will be set correctly later by the parser in any case.

The issue was found by GCC undefined behaviour sanitizer.


 src/http/ngx_http_request.c |  4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: nginx-2.patch
Type: text/x-patch
Size: 1155 bytes
Desc: not available
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20231027/42dd50e7/attachment-0001.bin>
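
The guard the commit message describes, as an added example (not the scrubbed patch and not nginx code): when a partially parsed request is moved to a larger buffer, a pointer the parser has not set yet stays NULL instead of going through "new + (ptr - old)". The names req_t, rebase, grow_buffer and check_rebase are hypothetical, and the request lines passed to check_rebase are constructed.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a request whose fields point into a read buffer. */
typedef struct {
    char *uri_start;   /* set once the parser has seen the first URI byte */
    char *uri_end;     /* NULL until the parser has seen the end of the URI */
} req_t;

/* Rebase p from the old buffer onto the new one; NULL means "not set yet". */
static char *rebase(char *p, char *old, char *new_buf)
{
    if (p == NULL) {
        return NULL;   /* skip NULL - old: subtracting unrelated pointers is undefined */
    }
    return new_buf + (p - old);
}

/* Copy len bytes into a larger buffer and fix up the request pointers. */
char *grow_buffer(req_t *r, char *old, size_t len, size_t new_size)
{
    char *new_buf;

    if (new_size < len || (new_buf = malloc(new_size)) == NULL) {
        return NULL;
    }
    memcpy(new_buf, old, len);
    r->uri_start = rebase(r->uri_start, old, new_buf);
    r->uri_end = rebase(r->uri_end, old, new_buf);
    return new_buf;
}

/* Returns 1 if offsets survive the move; uri_len == 0 models an unfinished URI. */
int check_rebase(const char *line, size_t uri_off, size_t uri_len)
{
    char old[64], *nb;
    size_t len = strlen(line);
    req_t r;
    int ok;

    if (len >= sizeof(old) || uri_off + uri_len > len) return -1;
    memcpy(old, line, len);
    r.uri_start = old + uri_off;
    r.uri_end = uri_len ? old + uri_off + uri_len : NULL;
    if ((nb = grow_buffer(&r, old, len, 128)) == NULL) return -1;
    ok = r.uri_start == nb + uri_off
         && r.uri_end == (uri_len ? nb + uri_off + uri_len : NULL);
    free(nb);
    return ok;
}
```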

