[njs] HTTP: avoiding arithmetic ops with NULL pointer in r.args getter.

Dmitry Volyntsev xeioex at nginx.com
Thu Jan 11 23:15:37 UTC 2024


details:   https://hg.nginx.org/njs/rev/4fba78789fe4
branches:  
changeset: 2267:4fba78789fe4
user:      Dmitry Volyntsev <xeioex at nginx.com>
date:      Thu Jan 11 15:13:47 2024 -0800
description:
HTTP: avoiding arithmetic ops with NULL pointer in r.args getter.

Found by UndefinedBehaviorSanitizer.

diffstat:

 nginx/ngx_http_js_module.c |  7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)

diffs (24 lines):

diff -r 2b221f44efa6 -r 4fba78789fe4 nginx/ngx_http_js_module.c
--- a/nginx/ngx_http_js_module.c	Thu Jan 11 15:13:43 2024 -0800
+++ b/nginx/ngx_http_js_module.c	Thu Jan 11 15:13:47 2024 -0800
@@ -2615,7 +2615,8 @@ static njs_int_t
 ngx_http_js_ext_get_args(njs_vm_t *vm, njs_object_prop_t *prop,
     njs_value_t *value, njs_value_t *setval, njs_value_t *retval)
 {
-    njs_int_t           ret;
+    u_char              *data;
+    njs_int_t            ret;
     njs_value_t         *args;
     ngx_http_js_ctx_t   *ctx;
     ngx_http_request_t  *r;
@@ -2631,8 +2632,8 @@ ngx_http_js_ext_get_args(njs_vm_t *vm, n
     args = njs_value_arg(&ctx->args);
 
     if (njs_value_is_null(args)) {
-        ret = njs_vm_query_string_parse(vm, r->args.data,
-                                        r->args.data + r->args.len, args);
+        data = (r->args.len != 0) ? r->args.data : (u_char *) "";
+        ret = njs_vm_query_string_parse(vm, data, data + r->args.len, args);
 
         if (ret == NJS_ERROR) {
             return NJS_ERROR;


More information about the nginx-devel mailing list