Mercurial > hg > nginx

comparison src/http/modules/ngx_http_slice_filter_module.c @ 7067:e3723f2a11b7

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Parenthesized ASCII-related calculations. This also fixes potential undefined behaviour in the range and slice filter modules, caused by local overflows of signed integers in expressions.
author Valentin Bartenev <vbart@nginx.com>
date Mon, 17 Jul 2017 17:23:51 +0300
parents 3ff293cfdab8
children f583559aadc7
comparison
equal deleted inserted replaced
7066:a27e0c7e198c 7067:e3723f2a11b7
315 while (*p >= '0' && *p <= '9') { 315 while (*p >= '0' && *p <= '9') {
316 if (start >= cutoff && (start > cutoff || *p - '0' > cutlim)) { 316 if (start >= cutoff && (start > cutoff || *p - '0' > cutlim)) {
317 return NGX_ERROR; 317 return NGX_ERROR;
318 } 318 }
319 319
320 start = start * 10 + *p++ - '0'; 320 start = start * 10 + (*p++ - '0');
321 } 321 }
322 322
323 while (*p == ' ') { p++; } 323 while (*p == ' ') { p++; }
324 324
325 if (*p++ != '-') { 325 if (*p++ != '-') {
335 while (*p >= '0' && *p <= '9') { 335 while (*p >= '0' && *p <= '9') {
336 if (end >= cutoff && (end > cutoff || *p - '0' > cutlim)) { 336 if (end >= cutoff && (end > cutoff || *p - '0' > cutlim)) {
337 return NGX_ERROR; 337 return NGX_ERROR;
338 } 338 }
339 339
340 end = end * 10 + *p++ - '0'; 340 end = end * 10 + (*p++ - '0');
341 } 341 }
342 342
343 end++; 343 end++;
344 344
345 while (*p == ' ') { p++; } 345 while (*p == ' ') { p++; }
360 && (complete_length > cutoff || *p - '0' > cutlim)) 360 && (complete_length > cutoff || *p - '0' > cutlim))
361 { 361 {
362 return NGX_ERROR; 362 return NGX_ERROR;
363 } 363 }
364 364
365 complete_length = complete_length * 10 + *p++ - '0'; 365 complete_length = complete_length * 10 + (*p++ - '0');
366 } 366 }
367 367
368 } else { 368 } else {
369 complete_length = -1; 369 complete_length = -1;
370 p++; 370 p++;
477 while (*p >= '0' && *p <= '9') { 477 while (*p >= '0' && *p <= '9') {
478 if (start >= cutoff && (start > cutoff || *p - '0' > cutlim)) { 478 if (start >= cutoff && (start > cutoff || *p - '0' > cutlim)) {
479 return 0; 479 return 0;
480 } 480 }
481 481
482 start = start * 10 + *p++ - '0'; 482 start = start * 10 + (*p++ - '0');
483 } 483 }
484 484
485 return start; 485 return start;
486 } 486 }
487 487