diff src/http/ngx_http_parse.c @ 7067:e3723f2a11b7

Parenthesized ASCII-related calculations. This also fixes potential undefined behaviour in the range and slice filter modules, caused by local overflows of signed integers in expressions.
author Valentin Bartenev <vbart@nginx.com>
date Mon, 17 Jul 2017 17:23:51 +0300
parents f38647c651a8
children f9661f56c717
--- a/src/http/ngx_http_parse.c
+++ b/src/http/ngx_http_parse.c
@@ -742,7 +742,7 @@ ngx_http_parse_request_line(ngx_http_req
                 return NGX_HTTP_PARSE_INVALID_REQUEST;
             }
 
-            r->http_major = r->http_major * 10 + ch - '0';
+            r->http_major = r->http_major * 10 + (ch - '0');
 
             if (r->http_major > 1) {
                 return NGX_HTTP_PARSE_INVALID_VERSION;
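Review bot: The new parentheses around `(ch - '0')` carry no comment here or on the other six changed lines (http_minor in this function, the two `decoded << 4` lines in ngx_http_parse_complex_uri, and the three lines in ngx_http_parse_status_line). Since the result is arithmetically the same, a later cleanup could drop them again. A one-line comment at this first occurrence would record the intent, for example `/* convert the digit first so the sum never holds the raw character code */`. In this hunk the `r->http_major > 1` check directly below keeps the accumulated value small. The enclosing function starts and ends outside the hunk.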
@@ -784,7 +784,7 @@ ngx_http_parse_request_line(ngx_http_req
                 return NGX_HTTP_PARSE_INVALID_REQUEST;
             }
 
-            r->http_minor = r->http_minor * 10 + ch - '0';
+            r->http_minor = r->http_minor * 10 + (ch - '0');
             break;
 
         case sw_spaces_after_digit:
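Review bot: No upper bound on `r->http_minor` is visible in this hunk, so the parentheses remove only the oversized intermediate and `r->http_minor * 10` remains an unchecked multiply on a value built from request bytes. The first hunk bounds http_major with `> 1` right after the update, whereas here the update is followed directly by `break`. If the lines above the hunk do not already reject large values, a guard before the update such as `if (r->http_minor > 99) { return NGX_HTTP_PARSE_INVALID_REQUEST; }` would close that. The same question applies to the http_major and http_minor updates in ngx_http_parse_status_line, whose hunks also show only `break` after the update. The field's type and the start of this case are outside the hunk.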
@@ -1518,7 +1518,7 @@ ngx_http_parse_complex_uri(ngx_http_requ
 
         case sw_quoted_second:
             if (ch >= '0' && ch <= '9') {
-                ch = (u_char) ((decoded << 4) + ch - '0');
+                ch = (u_char) ((decoded << 4) + (ch - '0'));
 
                 if (ch == '%' || ch == '#') {
                     state = sw_usual;
@@ -1536,7 +1536,7 @@ ngx_http_parse_complex_uri(ngx_http_requ
 
             c = (u_char) (ch | 0x20);
             if (c >= 'a' && c <= 'f') {
-                ch = (u_char) ((decoded << 4) + c - 'a' + 10);
+                ch = (u_char) ((decoded << 4) + (c - 'a') + 10);
 
                 if (ch == '?') {
                     state = sw_usual;
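Review bot: The grouping `(c - 'a') + 10` splits the nibble value across two terms, while the digit branch in the previous hunk parenthesizes the whole nibble as `(ch - '0')`. Writing `ch = (u_char) ((decoded << 4) + (c - 'a' + 10));` would make the parenthesized term the decoded hex digit in both branches and gives the same result. The declaration of `decoded` is outside the hunk, so this is a readability point only.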
@@ -1701,7 +1701,7 @@ ngx_http_parse_status_line(ngx_http_requ
                 return NGX_ERROR;
             }
 
-            r->http_major = r->http_major * 10 + ch - '0';
+            r->http_major = r->http_major * 10 + (ch - '0');
             break;
 
         /* the first digit of minor HTTP version */
@@ -1729,7 +1729,7 @@ ngx_http_parse_status_line(ngx_http_requ
                 return NGX_ERROR;
             }
 
-            r->http_minor = r->http_minor * 10 + ch - '0';
+            r->http_minor = r->http_minor * 10 + (ch - '0');
             break;
 
         /* HTTP status code */
@@ -1742,7 +1742,7 @@ ngx_http_parse_status_line(ngx_http_requ
                 return NGX_ERROR;
             }
 
-            status->code = status->code * 10 + ch - '0';
+            status->code = status->code * 10 + (ch - '0');
 
             if (++status->count == 3) {
                 state = sw_space_after_status;