Mercurial > hg > nginx
diff src/http/v3/ngx_http_v3_parse.c @ 8463:2576485b93d4 quic
HTTP/3: fixed overflow in prefixed integer parser.
Previously, the expression (ch & 0x7f) was promoted to a signed integer.
Depending on the platform, the size of this integer could be less than 8 bytes,
leading to overflow when handling the higher bits of the result. Also, sign
bit of this integer could be replicated when adding to the 64-bit st->value.
author | Roman Arutyunyan <arut@nginx.com> |
---|---|
date | Fri, 03 Jul 2020 16:41:31 +0300 |
parents | 153bffee3d7e |
children | fdb8edc8e496 |
line wrap: on
line diff
--- a/src/http/v3/ngx_http_v3_parse.c Thu Jul 02 17:35:57 2020 +0300 +++ b/src/http/v3/ngx_http_v3_parse.c Fri Jul 03 16:41:31 2020 +0300 @@ -118,7 +118,7 @@ case sw_value: - st->value += (ch & 0x7f) << st->shift; + st->value += (uint64_t) (ch & 0x7f) << st->shift; if (ch & 0x80) { st->shift += 7; break;