details: https://hg.nginx.org/njs/rev/4fba78789fe4 branches: changeset: 2267:4fba78789fe4 user: Dmitry Volyntsev <xei...@nginx.com> date: Thu Jan 11 15:13:47 2024 -0800 description: HTTP: avoiding arithmetic ops with NULL pointer in r.args getter.
Found by UndefinedBehaviorSanitizer. diffstat: nginx/ngx_http_js_module.c | 7 ++++--- 1 files changed, 4 insertions(+), 3 deletions(-) diffs (24 lines): diff -r 2b221f44efa6 -r 4fba78789fe4 nginx/ngx_http_js_module.c --- a/nginx/ngx_http_js_module.c Thu Jan 11 15:13:43 2024 -0800 +++ b/nginx/ngx_http_js_module.c Thu Jan 11 15:13:47 2024 -0800 @@ -2615,7 +2615,8 @@ static njs_int_t ngx_http_js_ext_get_args(njs_vm_t *vm, njs_object_prop_t *prop, njs_value_t *value, njs_value_t *setval, njs_value_t *retval) { - njs_int_t ret; + u_char *data; + njs_int_t ret; njs_value_t *args; ngx_http_js_ctx_t *ctx; ngx_http_request_t *r; @@ -2631,8 +2632,8 @@ ngx_http_js_ext_get_args(njs_vm_t *vm, n args = njs_value_arg(&ctx->args); if (njs_value_is_null(args)) { - ret = njs_vm_query_string_parse(vm, r->args.data, - r->args.data + r->args.len, args); + data = (r->args.len != 0) ? r->args.data : (u_char *) ""; + ret = njs_vm_query_string_parse(vm, data, data + r->args.len, args); if (ret == NJS_ERROR) { return NJS_ERROR; _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel