changeset 4576:876e6b0814a5
Fixed signed integer overflows in timer code (ticket #145).
Integer overflow is undefined behaviour in C and this indeed caused
problems on Solaris/SPARC (at least in some cases). Fix is to
subtract unsigned integers instead, and then cast result to a signed
one, which is implementation-defined behaviour and used to work.
Strictly speaking, we should compare (unsigned) result with the maximum
value of the corresponding signed integer type instead; this will be
defined behaviour. This will require many more changes though, and is
considered to be overkill for now.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Fri, 06 Apr 2012 23:46:09 +0000 |
parents | 709d7d24239d |
children | 79aab5f5b201 |
files | src/core/ngx_rbtree.c src/event/ngx_event_timer.c |
diffstat | 2 files changed, 3 insertions(+), 5 deletions(-) |
--- a/src/core/ngx_rbtree.c Thu Apr 05 19:49:34 2012 +0000 +++ b/src/core/ngx_rbtree.c Fri Apr 06 23:46:09 2012 +0000 @@ -136,8 +136,7 @@ /* node->key < temp->key */ - p = ((ngx_rbtree_key_int_t) node->key - (ngx_rbtree_key_int_t) temp->key - < 0) + p = ((ngx_rbtree_key_int_t) (node->key - temp->key) < 0) ? &temp->left : &temp->right; if (*p == sentinel) {
--- a/src/event/ngx_event_timer.c Thu Apr 05 19:49:34 2012 +0000 +++ b/src/event/ngx_event_timer.c Fri Apr 06 23:46:09 2012 +0000 @@ -67,7 +67,7 @@ ngx_mutex_unlock(ngx_event_timer_mutex); - timer = (ngx_msec_int_t) node->key - (ngx_msec_int_t) ngx_current_msec; + timer = (ngx_msec_int_t) (node->key - ngx_current_msec); return (ngx_msec_t) (timer > 0 ? timer : 0); } @@ -95,8 +95,7 @@ /* node->key <= ngx_current_time */ - if ((ngx_msec_int_t) node->key - (ngx_msec_int_t) ngx_current_msec <= 0) - { + if ((ngx_msec_int_t) (node->key - ngx_current_msec) <= 0) { ev = (ngx_event_t *) ((char *) node - offsetof(ngx_event_t, timer)); #if (NGX_THREADS)
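Review bot: In src/core/ngx_rbtree.c (hunk at -136), the retained comment `/* node->key < temp->key */` tells the reader less than the expression needs. `(ngx_rbtree_key_int_t) (node->key - temp->key) < 0` is a modular comparison: it gives the intended ordering only while the two keys are less than half the key type's range apart, and it depends on the out-of-range unsigned-to-signed conversion wrapping, which the commit message itself describes as implementation-defined. Suggest extending the comment to state both assumptions so that a later reader does not "simplify" it back to a plain `<` or to a signed subtraction.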
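Review bot: In src/event/ngx_event_timer.c (hunk at -67), `timer = (ngx_msec_int_t) (node->key - ngx_current_msec);` is one of three open-coded copies of the same cast-of-unsigned-difference idiom in this patch (the other two are in the -95 hunk of this file and in ngx_rbtree.c). Suggest putting the idiom behind a single macro or inline helper used at all three sites. The commit message notes that the fully defined form would compare the unsigned result with the maximum of the signed type; with a helper, that change could later be made in one place instead of being deferred as too invasive.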
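Review bot: In src/event/ngx_event_timer.c (hunk at -95), the context comment `/* node->key <= ngx_current_time */` names a different variable from the one the condition uses, `ngx_current_msec`. Since the line directly below it is being rewritten, suggest correcting the comment in the same change and noting there that the test is done on the wrapped difference, not by comparing the two values directly. Folding the brace onto the `if` line looks fine now that the condition fits on one line.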