You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@trafficserver.apache.org by bc...@apache.org on 2019/02/12 00:42:57 UTC

[trafficserver] 03/05: Fix an failed assertion in HttpSM::parse_range_and_compare

This is an automated email from the ASF dual-hosted git repository.

bcall pushed a commit to branch 8.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit cad19dfd0304e9206e4f1b0d0d7e41c2db081b49
Author: fengshuaitao <fe...@bytedance.com>
AuthorDate: Wed Jan 17 15:08:29 2018 +0800

    Fix an failed assertion in HttpSM::parse_range_and_compare
    
    Signed-off-by: fengshuaitao <fe...@bytedance.com>
    (cherry picked from commit 8046477d6c871be61a9d2ec6b41f2524a3fde699)
---
 proxy/http/HttpSM.cc | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc
index ccc2d01..8d434d8 100644
--- a/proxy/http/HttpSM.cc
+++ b/proxy/http/HttpSM.cc
@@ -4170,6 +4170,8 @@ HttpSM::parse_range_and_compare(MIMEField *field, int64_t content_length)
   const char *s, *e, *tmp;
   RangeRecord *ranges = nullptr;
   int64_t start, end;
+  int64_t cutoff = INT64_MAX / 10;
+  int64_t cutlim = INT64_MAX % 10;
 
   ink_assert(field != nullptr && t_state.range_setup == HttpTransact::RANGE_NONE && t_state.ranges == nullptr);
 
@@ -4226,6 +4228,12 @@ HttpSM::parse_range_and_compare(MIMEField *field, int64_t content_length)
       start = -1;
     } else {
       for (start = 0; s < e && *s >= '0' && *s <= '9'; ++s) {
+        // check the int64 overflow in case of high gcc with O3 option
+        // thinking the start is always positive
+        if (start >= cutoff && (start > cutoff || *s - '0' > cutlim)) {
+          t_state.range_setup = HttpTransact::RANGE_NONE;
+          goto Lfaild;
+        }
         start = start * 10 + (*s - '0');
       }
       // skip last white spaces
@@ -4258,6 +4266,12 @@ HttpSM::parse_range_and_compare(MIMEField *field, int64_t content_length)
       end = content_length - 1;
     } else {
       for (end = 0; s < e && *s >= '0' && *s <= '9'; ++s) {
+        // check the int64 overflow in case of high gcc with O3 option
+        // thinking the start is always positive
+        if (end >= cutoff && (end > cutoff || *s - '0' > cutlim)) {
+          t_state.range_setup = HttpTransact::RANGE_NONE;
+          goto Lfaild;
+        }
         end = end * 10 + (*s - '0');
       }
       // skip last white spaces