[6.0] 41b791a33 Rework to avoid UB
Dridi Boukelmoune
dridi.boukelmoune at gmail.com
Thu Aug 16 08:52:43 UTC 2018
commit 41b791a33ec5ad163e2f97f8689d91044d00abb2
Author: Federico G. Schwindt <fgsch at lodoss.net>
Date: Sat Apr 14 20:03:46 2018 +0100
Rework to avoid UB
Fixes #2617
diff --git a/bin/varnishd/cache/cache_http.c b/bin/varnishd/cache/cache_http.c
index 8797c926e..6c3e2ce1f 100644
--- a/bin/varnishd/cache/cache_http.c
+++ b/bin/varnishd/cache/cache_http.c
@@ -669,8 +669,9 @@ http_GetHdrField(const struct http *hp, const char *hdr,
ssize_t
http_GetContentLength(const struct http *hp)
{
- ssize_t cl, cll;
+ ssize_t cl;
const char *b;
+ unsigned n;
CHECK_OBJ_NOTNULL(hp, HTTP_MAGIC);
@@ -680,11 +681,13 @@ http_GetContentLength(const struct http *hp)
if (!vct_isdigit(*b))
return (-2);
for (; vct_isdigit(*b); b++) {
- cll = cl;
+ if (cl > (SSIZE_MAX / 10))
+ return (-2);
cl *= 10;
- cl += *b - '0';
- if (cll != cl / 10)
+ n = *b - '0';
+ if (cl > (SSIZE_MAX - n))
return (-2);
+ cl += n;
}
while (vct_islws(*b))
b++;
More information about the varnish-commit
mailing list