]> git.kaiwu.me - nginx.git/commit
HTTP/3: fixed overflow in prefixed integer parser.
authorRoman Arutyunyan <arut@nginx.com>
Fri, 3 Jul 2020 13:41:31 +0000 (16:41 +0300)
committerRoman Arutyunyan <arut@nginx.com>
Fri, 3 Jul 2020 13:41:31 +0000 (16:41 +0300)
commit3b2eabde0bedc9a1a7d1b53bdbc28bdc14773dd1
tree4d1a345f7e788d5afb81399a933e8ba1e1a6d770
parent0ebcffcf1409a03d2437ad18d65387448382620d
HTTP/3: fixed overflow in prefixed integer parser.

Previously, the expression (ch & 0x7f) was promoted to a signed integer.
Depending on the platform, the size of this integer could be less than 8 bytes,
leading to overflow when handling the higher bits of the result.  Also, sign
bit of this integer could be replicated when adding to the 64-bit st->value.
src/http/v3/ngx_http_v3_parse.c