Mercurial > hg > nginx
comparison src/http/modules/ngx_http_slice_filter_module.c @ 7067:e3723f2a11b7
Parenthesized ASCII-related calculations.
This also fixes potential undefined behaviour in the range and slice filter
modules, caused by local overflows of signed integers in expressions.
author | Valentin Bartenev <vbart@nginx.com> |
---|---|
date | Mon, 17 Jul 2017 17:23:51 +0300 |
parents | 3ff293cfdab8 |
children | f583559aadc7 |
comparison
equal
deleted
inserted
replaced
7066:a27e0c7e198c | 7067:e3723f2a11b7 |
---|---|
315 while (*p >= '0' && *p <= '9') { | 315 while (*p >= '0' && *p <= '9') { |
316 if (start >= cutoff && (start > cutoff || *p - '0' > cutlim)) { | 316 if (start >= cutoff && (start > cutoff || *p - '0' > cutlim)) { |
317 return NGX_ERROR; | 317 return NGX_ERROR; |
318 } | 318 } |
319 | 319 |
320 start = start * 10 + *p++ - '0'; | 320 start = start * 10 + (*p++ - '0'); |
321 } | 321 } |
322 | 322 |
323 while (*p == ' ') { p++; } | 323 while (*p == ' ') { p++; } |
324 | 324 |
325 if (*p++ != '-') { | 325 if (*p++ != '-') { |
335 while (*p >= '0' && *p <= '9') { | 335 while (*p >= '0' && *p <= '9') { |
336 if (end >= cutoff && (end > cutoff || *p - '0' > cutlim)) { | 336 if (end >= cutoff && (end > cutoff || *p - '0' > cutlim)) { |
337 return NGX_ERROR; | 337 return NGX_ERROR; |
338 } | 338 } |
339 | 339 |
340 end = end * 10 + *p++ - '0'; | 340 end = end * 10 + (*p++ - '0'); |
341 } | 341 } |
342 | 342 |
343 end++; | 343 end++; |
344 | 344 |
345 while (*p == ' ') { p++; } | 345 while (*p == ' ') { p++; } |
360 && (complete_length > cutoff || *p - '0' > cutlim)) | 360 && (complete_length > cutoff || *p - '0' > cutlim)) |
361 { | 361 { |
362 return NGX_ERROR; | 362 return NGX_ERROR; |
363 } | 363 } |
364 | 364 |
365 complete_length = complete_length * 10 + *p++ - '0'; | 365 complete_length = complete_length * 10 + (*p++ - '0'); |
366 } | 366 } |
367 | 367 |
368 } else { | 368 } else { |
369 complete_length = -1; | 369 complete_length = -1; |
370 p++; | 370 p++; |
477 while (*p >= '0' && *p <= '9') { | 477 while (*p >= '0' && *p <= '9') { |
478 if (start >= cutoff && (start > cutoff || *p - '0' > cutlim)) { | 478 if (start >= cutoff && (start > cutoff || *p - '0' > cutlim)) { |
479 return 0; | 479 return 0; |
480 } | 480 } |
481 | 481 |
482 start = start * 10 + *p++ - '0'; | 482 start = start * 10 + (*p++ - '0'); |
483 } | 483 } |
484 | 484 |
485 return start; | 485 return start; |
486 } | 486 } |
487 | 487 |