details: https://hg.nginx.org/njs/rev/4fba78789fe4
branches:
changeset: 2267:4fba78789fe4
user: Dmitry Volyntsev <xei...@nginx.com>
date: Thu Jan 11 15:13:47 2024 -0800
description:
HTTP: avoiding arithmetic ops with NULL pointer in r.args getter.
Found by UndefinedBehaviorSanitizer.
diffstat:
nginx/ngx_http_js_module.c | 7 ++++---
1 files changed, 4 insertions(+), 3 deletions(-)
diffs (24 lines):
diff -r 2b221f44efa6 -r 4fba78789fe4 nginx/ngx_http_js_module.c
--- a/nginx/ngx_http_js_module.c Thu Jan 11 15:13:43 2024 -0800
+++ b/nginx/ngx_http_js_module.c Thu Jan 11 15:13:47 2024 -0800
@@ -2615,7 +2615,8 @@ static njs_int_t
ngx_http_js_ext_get_args(njs_vm_t *vm, njs_object_prop_t *prop,
njs_value_t *value, njs_value_t *setval, njs_value_t *retval)
{
- njs_int_t ret;
+ u_char *data;
+ njs_int_t ret;
njs_value_t *args;
ngx_http_js_ctx_t *ctx;
ngx_http_request_t *r;
@@ -2631,8 +2632,8 @@ ngx_http_js_ext_get_args(njs_vm_t *vm, n
args = njs_value_arg(&ctx->args);
if (njs_value_is_null(args)) {
- ret = njs_vm_query_string_parse(vm, r->args.data,
- r->args.data + r->args.len, args);
+ data = (r->args.len != 0) ? r->args.data : (u_char *) "";
+ ret = njs_vm_query_string_parse(vm, data, data + r->args.len, args);
if (ret == NJS_ERROR) {
return NJS_ERROR;
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
