IntenseWebs/nginx
3
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

HTTP/3: fixed overflow in prefixed integer parser.

Browse Source 
Previously, the expression (ch & 0x7f) was promoted to a signed integer.
Depending on the platform, the size of this integer could be less than 8 bytes,
leading to overflow when handling the higher bits of the result.  Also, sign
bit of this integer could be replicated when adding to the 64-bit st->value.
This commit is contained in:
Roman Arutyunyan 2020-07-03 16:41:31 +03:00
parent 0ebcffcf14
commit 3b2eabde0b
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/http/v3/ngx_http_v3_parse.c
View File

@ -118,7 +118,7 @@ ngx_http_v3_parse_prefix_int(ngx_connection_t *c,
case sw_value:
st->value += (ch & 0x7f) << st->shift;
st->value += (uint64_t) (ch & 0x7f) << st->shift;
if (ch & 0x80) {
st->shift += 7;
break;