details: https://hg.nginx.org/njs/rev/5d2a3da0674f branches: changeset: 2261:5d2a3da0674f user: Dmitry Volyntsev <xei...@nginx.com> date: Mon Jan 08 22:20:19 2024 -0800 description: Avoiding arithmetic operations with NULL pointer in TextDecoder().
Found by UndefinedBehaviorSanitizer. diffstat: src/njs_encoding.c | 2 +- src/njs_utf8.c | 30 ++++++++++++++++-------------- 2 files changed, 17 insertions(+), 15 deletions(-) diffs (57 lines):
diff -r c15a6129ade7 -r 5d2a3da0674f src/njs_encoding.c
--- a/src/njs_encoding.c Mon Jan 08 22:20:10 2024 -0800
+++ b/src/njs_encoding.c Mon Jan 08 22:20:19 2024 -0800
@@ -543,7 +543,7 @@ njs_text_decoder_decode(njs_vm_t *vm, nj
 /* Looking for BOM. */
- if (!data->ignore_bom) {
+ if (start != NULL && !data->ignore_bom) {
 start += njs_utf8_bom(start, end);
 }
diff -r c15a6129ade7 -r 5d2a3da0674f src/njs_utf8.c
--- a/src/njs_utf8.c Mon Jan 08 22:20:10 2024 -0800
+++ b/src/njs_utf8.c Mon Jan 08 22:20:19 2024 -0800
@@ -361,25 +361,27 @@ njs_utf8_stream_length(njs_unicode_decod
 size = 0;
 length = 0;
- end = p + len;
+ if (p != NULL) {
+ end = p + len;
+
+ while (p < end) {
+ codepoint = njs_utf8_decode(ctx, &p, end);
- while (p < end) {
- codepoint = njs_utf8_decode(ctx, &p, end);
+ if (codepoint > NJS_UNICODE_MAX_CODEPOINT) {
+ if (codepoint == NJS_UNICODE_CONTINUE) {
+ break;
+ }
- if (codepoint > NJS_UNICODE_MAX_CODEPOINT) {
- if (codepoint == NJS_UNICODE_CONTINUE) {
- break;
+ if (fatal) {
+ return -1;
+ }
+
+ codepoint = NJS_UNICODE_REPLACEMENT;
 }
- if (fatal) {
- return -1;
- }
-
- codepoint = NJS_UNICODE_REPLACEMENT;
+ size += njs_utf8_size(codepoint);
+ length++;
 }
-
- size += njs_utf8_size(codepoint);
- length++;
 }
 if (last && ctx->need != 0x00) {
_______________________________________________ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
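Review bot: The new `start != NULL` test in the BOM check of njs_text_decoder_decode() carries no comment saying when `start` can be NULL, and the diffstat shows only the two source files changed, so no test covers that case. A one-line comment above the condition, such as `/* start is NULL for empty input; NULL + 0 is undefined behavior. */`, would keep the guard from being dropped as redundant later; presumably the NULL comes from a decode() call with no or zero-length input, which is worth confirming. The function continues outside the hunk, so any later use of `start` and `end` (for example an `end - start` length) should be checked for the same NULL case. A regression test that decodes an empty input in a UndefinedBehaviorSanitizer build would pin the fix.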
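Review bot: In njs_utf8_stream_length() the new `if (p != NULL)` wrapper skips the decode loop for a NULL `p` whatever `len` is, so a caller that passes NULL with a non-zero length is silently treated as empty input instead of being caught. Stating the contract next to the guard, e.g. `/* p may be NULL only when len == 0; pointer arithmetic on NULL is undefined. */`, plus a debug-build assertion of that condition if the project has one, would make such a caller bug visible. `end` is now assigned only inside the guarded branch; the visible lines do not read it afterwards, but the function body runs past the hunk, so confirm nothing below uses it.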