Re: [PATCH 2 of 2] HTTP: suppressed possible overflow in interim r->uri_end calculation

2023-10-27 Thread Maxim Dounin
Hello! On Fri, Oct 27, 2023 at 02:58:45PM +0300, Vladimir Homutov via nginx-devel wrote: > If URI is not fully parsed yet, the r->uri_end pointer is NULL. > As a result, calculation of "new + (r->uri_end - old)" expression > may overflow. In such case, just avoid calculating it, as r->uri_end >

[PATCH 2 of 2] HTTP: suppressed possible overflow in interim r->uri_end calculation

2023-10-27 Thread Vladimir Homutov via nginx-devel
If URI is not fully parsed yet, the r->uri_end pointer is NULL. As a result, calculation of "new + (r->uri_end - old)" expression may overflow. In such case, just avoid calculating it, as r->uri_end will be set correctly later by the parser in any case. The issue was found by GCC undefined behavi

[PATCH 1 of 2] Core: avoid calling memcpy() in edge cases

2023-10-27 Thread Vladimir Homutov via nginx-devel
Patch subject is complete summary. src/core/ngx_cycle.c | 10 ++ src/core/ngx_resolver.c | 2 +- src/core/ngx_string.c| 15 +++ src/http/modules/ngx_http_proxy_module.c | 4 ++-- src/http/ngx_http_file_cache.c

[PATCH 0 of 2] [patch] some issues found by gcc undef sanitizer

2023-10-27 Thread Vladimir Homutov via nginx-devel
Hello, Below are two patches, created by results of running nginx-tests with GCC undefined behaviour sanitizer enabled. The first one is about memcpy() with NULL second argument calls, which are considered undefined behaviour by sanitizer. While the actual harm is arguable, having such calls is