You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by bc...@apache.org on 2019/02/12 00:42:57 UTC
[trafficserver] 03/05: Fix an failed assertion in
HttpSM::parse_range_and_compare
This is an automated email from the ASF dual-hosted git repository.
bcall pushed a commit to branch 8.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit cad19dfd0304e9206e4f1b0d0d7e41c2db081b49
Author: fengshuaitao <fe...@bytedance.com>
AuthorDate: Wed Jan 17 15:08:29 2018 +0800
Fix an failed assertion in HttpSM::parse_range_and_compare
Signed-off-by: fengshuaitao <fe...@bytedance.com>
(cherry picked from commit 8046477d6c871be61a9d2ec6b41f2524a3fde699)
---
proxy/http/HttpSM.cc | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc
index ccc2d01..8d434d8 100644
--- a/proxy/http/HttpSM.cc
+++ b/proxy/http/HttpSM.cc
@@ -4170,6 +4170,8 @@ HttpSM::parse_range_and_compare(MIMEField *field, int64_t content_length)
const char *s, *e, *tmp;
RangeRecord *ranges = nullptr;
int64_t start, end;
+ int64_t cutoff = INT64_MAX / 10;
+ int64_t cutlim = INT64_MAX % 10;
ink_assert(field != nullptr && t_state.range_setup == HttpTransact::RANGE_NONE && t_state.ranges == nullptr);
@@ -4226,6 +4228,12 @@ HttpSM::parse_range_and_compare(MIMEField *field, int64_t content_length)
start = -1;
} else {
for (start = 0; s < e && *s >= '0' && *s <= '9'; ++s) {
+ // check the int64 overflow in case of high gcc with O3 option
+ // thinking the start is always positive
+ if (start >= cutoff && (start > cutoff || *s - '0' > cutlim)) {
+ t_state.range_setup = HttpTransact::RANGE_NONE;
+ goto Lfaild;
+ }
start = start * 10 + (*s - '0');
}
// skip last white spaces
@@ -4258,6 +4266,12 @@ HttpSM::parse_range_and_compare(MIMEField *field, int64_t content_length)
end = content_length - 1;
} else {
for (end = 0; s < e && *s >= '0' && *s <= '9'; ++s) {
+ // check the int64 overflow in case of high gcc with O3 option
+ // thinking the start is always positive
+ if (end >= cutoff && (end > cutoff || *s - '0' > cutlim)) {
+ t_state.range_setup = HttpTransact::RANGE_NONE;
+ goto Lfaild;
+ }
end = end * 10 + (*s - '0');
}
// skip last white spaces