Mercurial > hg > nginx
comparison src/core/ngx_string.c @ 7067:e3723f2a11b7
Parenthesized ASCII-related calculations.
This also fixes potential undefined behaviour in the range and slice filter
modules, caused by local overflows of signed integers in expressions.
author | Valentin Bartenev <vbart@nginx.com> |
---|---|
date | Mon, 17 Jul 2017 17:23:51 +0300 |
parents | 289403abc84e |
children | 874171c3c71a |
comparison
equal
deleted
inserted
replaced
7066:a27e0c7e198c | 7067:e3723f2a11b7 |
---|---|
176 max_width = 0; | 176 max_width = 0; |
177 frac_width = 0; | 177 frac_width = 0; |
178 slen = (size_t) -1; | 178 slen = (size_t) -1; |
179 | 179 |
180 while (*fmt >= '0' && *fmt <= '9') { | 180 while (*fmt >= '0' && *fmt <= '9') { |
181 width = width * 10 + *fmt++ - '0'; | 181 width = width * 10 + (*fmt++ - '0'); |
182 } | 182 } |
183 | 183 |
184 | 184 |
185 for ( ;; ) { | 185 for ( ;; ) { |
186 switch (*fmt) { | 186 switch (*fmt) { |
209 | 209 |
210 case '.': | 210 case '.': |
211 fmt++; | 211 fmt++; |
212 | 212 |
213 while (*fmt >= '0' && *fmt <= '9') { | 213 while (*fmt >= '0' && *fmt <= '9') { |
214 frac_width = frac_width * 10 + *fmt++ - '0'; | 214 frac_width = frac_width * 10 + (*fmt++ - '0'); |
215 } | 215 } |
216 | 216 |
217 break; | 217 break; |
218 | 218 |
219 case '*': | 219 case '*': |
1653 case sw_quoted_second: | 1653 case sw_quoted_second: |
1654 | 1654 |
1655 state = sw_usual; | 1655 state = sw_usual; |
1656 | 1656 |
1657 if (ch >= '0' && ch <= '9') { | 1657 if (ch >= '0' && ch <= '9') { |
1658 ch = (u_char) ((decoded << 4) + ch - '0'); | 1658 ch = (u_char) ((decoded << 4) + (ch - '0')); |
1659 | 1659 |
1660 if (type & NGX_UNESCAPE_REDIRECT) { | 1660 if (type & NGX_UNESCAPE_REDIRECT) { |
1661 if (ch > '%' && ch < 0x7f) { | 1661 if (ch > '%' && ch < 0x7f) { |
1662 *d++ = ch; | 1662 *d++ = ch; |
1663 break; | 1663 break; |
1673 break; | 1673 break; |
1674 } | 1674 } |
1675 | 1675 |
1676 c = (u_char) (ch | 0x20); | 1676 c = (u_char) (ch | 0x20); |
1677 if (c >= 'a' && c <= 'f') { | 1677 if (c >= 'a' && c <= 'f') { |
1678 ch = (u_char) ((decoded << 4) + c - 'a' + 10); | 1678 ch = (u_char) ((decoded << 4) + (c - 'a') + 10); |
1679 | 1679 |
1680 if (type & NGX_UNESCAPE_URI) { | 1680 if (type & NGX_UNESCAPE_URI) { |
1681 if (ch == '?') { | 1681 if (ch == '?') { |
1682 *d++ = ch; | 1682 *d++ = ch; |
1683 goto done; | 1683 goto done; |