# HG changeset patch
# User Valentin Bartenev
# Date 1454598064 -10800
# Node ID 11e019750adcab5eb1cf19a55a63be4c5cc61841
# Parent 0e0e2e522fa2cb439b636a2c19aca5bdfbe8704f
HTTP/2: fixed possible buffer overrun (ticket #893). Due to greater priority of the unary plus operator over the ternary operator the expression didn't work as expected. That might result in one byte less allocation than needed for the HEADERS frame buffer.
diff -r 0e0e2e522fa2 -r 11e019750adc src/http/v2/ngx_http_v2_filter_module.c
--- a/src/http/v2/ngx_http_v2_filter_module.c Tue Feb 02 16:33:55 2016 +0300
+++ b/src/http/v2/ngx_http_v2_filter_module.c Thu Feb 04 18:01:04 2016 +0300
@@ -215,8 +215,8 @@
 clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
 if (r->headers_out.server == NULL) {
- len += 1 + clcf->server_tokens ? ngx_http_v2_literal_size(NGINX_VER)
- : ngx_http_v2_literal_size("nginx");
+ len += 1 + (clcf->server_tokens ? ngx_http_v2_literal_size(NGINX_VER)
+ : ngx_http_v2_literal_size("nginx"));
 }
 if (r->headers_out.date == NULL) {
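Review bot: The corrected `len += 1 + (...)` line in the `r->headers_out.server == NULL` branch still has no comment saying what the extra octet is for, and nothing visible ties this size estimate to the code that later fills the HEADERS frame buffer. Since an under-count here becomes a write past the allocation, I would add a comment above the statement such as `/* 1 octet precedes the literal value; must match the encoder below */` (the exact role of that octet is presumably the header-name index, to be confirmed against the encoding code). A debug-build check after encoding that the final write position does not exceed the start of the buffer plus `len` would catch any future drift between the two. The enclosing function starts and ends outside this hunk, so the other `len +=` terms could not be checked for the same precedence pattern and are worth auditing.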