https://bz.apache.org/bugzilla/show_bug.cgi?id=69741
Bug ID: 69741
Summary: Undefined behavior due to shift into the sign bit in
mod_http2 and mod_proxy_http2
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: PC
OS: Linux
Status: NEW
Severity: minor
Priority: P2
Component: mod_http2
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
In h2_log(int n) and h2_proxy_log(int n), when the argument is 32768, it gets
left-shifted by 16, which results in a value of INT_MIN. This is undefined
behavior, and trips UBSan.
To reproduce:
1. Build httpd from source with CFLAGS=-fsanitize=undefined, with
mod_proxy_http2 enabled.
2. Add an h2c backend.
3. Start httpd
4. Send any request that gets forwarded to that backend, for example with
`curl --http2 --http2-prior-knowledge`
5. Watch it crash with the following error in the error_log:
> h2_proxy_util.c:45:16: runtime error: left shift of 32768 by 16 places cannot be represented in type 'int'
> SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior h2_proxy_util.c:45:16
The fix is to simply make the arguments to these functions unsigned.
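The signed-shift problem and the unsigned fix described in the report, as an added example that is not httpd's code and not part of the original report. The function names and the leading-zero-count shape of the log2 routine are assumptions made for illustration, and a 32-bit `int` is assumed.

```c
#include <limits.h>
#include <stdio.h>

/* "Before" (constructed): signed argument. With a 32-bit int, n = 32768
 * passes the first mask test and 32768 << 16 = 2^31 exceeds INT_MAX, which
 * is undefined behaviour for a signed left shift. Not called below. */
unsigned char demo_log2_signed(int n)
{
    int lz = 0;
    if (!n) return 0;
    if (!(n & 0xffff0000u)) { lz += 16; n = (n << 16); }
    if (!(n & 0xff000000u)) { lz += 8;  n = (n << 8); }
    if (!(n & 0xf0000000u)) { lz += 4;  n = (n << 4); }
    if (!(n & 0xc0000000u)) { lz += 2;  n = (n << 2); }
    if (!(n & 0x80000000u)) { lz += 1; }
    return (unsigned char)(31 - lz);
}

/* "After": the same algorithm on unsigned int. Unsigned shifts are defined
 * modulo 2^32, so moving a bit into position 31 is well defined. */
unsigned char demo_log2_unsigned(unsigned int n)
{
    unsigned int lz = 0;
    if (!n) return 0;
    if (!(n & 0xffff0000u)) { lz += 16; n <<= 16; }
    if (!(n & 0xff000000u)) { lz += 8;  n <<= 8; }
    if (!(n & 0xf0000000u)) { lz += 4;  n <<= 4; }
    if (!(n & 0xc0000000u)) { lz += 2;  n <<= 2; }
    if (!(n & 0x80000000u)) { lz += 1; }
    return (unsigned char)(31 - lz);
}

/* Check, without performing the shift, whether (n << s) on a signed int
 * would be undefined: bad shift count, negative n, or unrepresentable result. */
int shl_is_undefined(int n, int s)
{
    if (s < 0 || s >= (int)(sizeof(int) * CHAR_BIT)) return 1;
    return n < 0 || n > (INT_MAX >> s);
}

int main(void)
{
    printf("32768 << 16 undefined for int: %d\n", shl_is_undefined(32768, 16));
    printf("log2(32768) via unsigned: %u\n", demo_log2_unsigned(32768u));
    return 0;
}
```
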