[nginx] Postpone filter: fixed incorrect content length check.

Antoine Séne nytosene at gmail.com
Thu Jun 5 17:15:43 UTC 2025 

Hello, can you please send me the unsubscribe to the mailing list link? I
want to connect with my other email
Thank you

On Thu, Jun 5, 2025 at 12:35 AM Maxim Dounin <mdounin at mdounin.ru> wrote:

> details:   http://freenginx.org/hg/nginx/rev/f5928c2e47c5
> branches:
> changeset: 9376:f5928c2e47c5
> user:      Maxim Dounin <mdounin at mdounin.ru>
> date:      Thu Jun 05 02:52:31 2025 +0300
> description:
> Postpone filter: fixed incorrect content length check.
>
> The code in ngx_http_postpone_filter_in_memory() used to assign
> r->headers_out.content_length_n to a size_t variable before comparison,
> which can lead to incorrect results on 32-bit platforms.
>
> Fix is to compare r->headers_out.content_length_n before conversion
> to size_t.
>
> Found with MSVC with C4244 warnings (conversion from 'type1' to 'type2',
> possible loss of data) enabled.
>
> diffstat:
>
>  src/http/ngx_http_postpone_filter_module.c |  10 +++++++---
>  1 files changed, 7 insertions(+), 3 deletions(-)
>
> diffs (25 lines):
>
> diff --git a/src/http/ngx_http_postpone_filter_module.c
> b/src/http/ngx_http_postpone_filter_module.c
> --- a/src/http/ngx_http_postpone_filter_module.c
> +++ b/src/http/ngx_http_postpone_filter_module.c
> @@ -194,14 +194,18 @@ ngx_http_postpone_filter_in_memory(ngx_h
>          clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
>
>          if (r->headers_out.content_length_n != -1) {
> -            len = r->headers_out.content_length_n;
>
> -            if (len > clcf->subrequest_output_buffer_size) {
> +            if (r->headers_out.content_length_n
> +                > (off_t) clcf->subrequest_output_buffer_size)
> +            {
>                  ngx_log_error(NGX_LOG_ERR, c->log, 0,
> -                              "too big subrequest response: %uz", len);
> +                              "too big subrequest response: %O",
> +                              r->headers_out.content_length_n);
>                  return NGX_ERROR;
>              }
>
> +            len = (size_t) r->headers_out.content_length_n;
> +
>          } else {
>              len = clcf->subrequest_output_buffer_size;
>          }
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://freenginx.org/pipermail/nginx-devel/attachments/20250605/b1dba89d/attachment.htm>

More information about the nginx-devel mailing list