[njs] Avoiding arithmetic operations with NULL pointer in TextDecoder().
Dmitry Volyntsev
xeioex at nginx.com
Tue Jan 9 17:31:22 UTC 2024
details: https://hg.nginx.org/njs/rev/5d2a3da0674f
branches:
changeset: 2261:5d2a3da0674f
user: Dmitry Volyntsev <xeioex at nginx.com>
date: Mon Jan 08 22:20:19 2024 -0800
description:
Avoiding arithmetic operations with NULL pointer in TextDecoder().
Found by UndefinedBehaviorSanitizer.
diffstat:
src/njs_encoding.c | 2 +-
src/njs_utf8.c | 30 ++++++++++++++++--------------
2 files changed, 17 insertions(+), 15 deletions(-)
diffs (57 lines):
diff -r c15a6129ade7 -r 5d2a3da0674f src/njs_encoding.c
--- a/src/njs_encoding.c Mon Jan 08 22:20:10 2024 -0800
+++ b/src/njs_encoding.c Mon Jan 08 22:20:19 2024 -0800
@@ -543,7 +543,7 @@ njs_text_decoder_decode(njs_vm_t *vm, nj
/* Looking for BOM. */
- if (!data->ignore_bom) {
+ if (start != NULL && !data->ignore_bom) {
start += njs_utf8_bom(start, end);
}
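Review bot: The new `start != NULL` guard in njs_text_decoder_decode has no comment saying when `start` can be NULL, so a later cleanup could drop it as redundant and reintroduce the NULL pointer arithmetic that UndefinedBehaviorSanitizer reported. A one-line comment above the condition would record the reason, e.g. `/* start is NULL for an empty input; NULL + 0 is undefined behaviour in C. */`. Whether empty input is the only source of a NULL `start` should be confirmed, because the code that sets it is outside this hunk. The same applies to the `if (p != NULL)` guard added to njs_utf8_stream_length in src/njs_utf8.c.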
diff -r c15a6129ade7 -r 5d2a3da0674f src/njs_utf8.c
--- a/src/njs_utf8.c Mon Jan 08 22:20:10 2024 -0800
+++ b/src/njs_utf8.c Mon Jan 08 22:20:19 2024 -0800
@@ -361,25 +361,27 @@ njs_utf8_stream_length(njs_unicode_decod
size = 0;
length = 0;
- end = p + len;
+ if (p != NULL) {
+ end = p + len;
+
+ while (p < end) {
+ codepoint = njs_utf8_decode(ctx, &p, end);
- while (p < end) {
- codepoint = njs_utf8_decode(ctx, &p, end);
+ if (codepoint > NJS_UNICODE_MAX_CODEPOINT) {
+ if (codepoint == NJS_UNICODE_CONTINUE) {
+ break;
+ }
- if (codepoint > NJS_UNICODE_MAX_CODEPOINT) {
- if (codepoint == NJS_UNICODE_CONTINUE) {
- break;
+ if (fatal) {
+ return -1;
+ }
+
+ codepoint = NJS_UNICODE_REPLACEMENT;
}
- if (fatal) {
- return -1;
- }
-
- codepoint = NJS_UNICODE_REPLACEMENT;
+ size += njs_utf8_size(codepoint);
+ length++;
}
-
- size += njs_utf8_size(codepoint);
- length++;
}
if (last && ctx->need != 0x00) {
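Review bot: The `if (p != NULL)` guard skips the decode loop for any NULL `p`, including one passed with a non-zero `len`, so a caller bug of that kind now produces a zero-length result instead of a visible failure. If NULL is only valid together with `len == 0`, say so at the guard, e.g. `/* p may be NULL only when len is 0. */`, or enforce it before the guard with `if (p == NULL && len != 0) { return -1; }`. The `-1` mirrors the existing `fatal` return, but whether callers treat it as a general error should be confirmed. The function starts and ends outside the hunk, so it is not visible whether `end`, now assigned only inside the guard, is read later.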