[trafficserver] branch master updated: Fix an failed assertion in HttpSM::parse_range_and_compare

Tue, 08 Jan 2019 10:46:18 -0800 

This is an automated email from the ASF dual-hosted git repository.

bcall pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
     new 8046477  Fix an failed assertion in HttpSM::parse_range_and_compare
8046477 is described below

commit 8046477d6c871be61a9d2ec6b41f2524a3fde699
Author: fengshuaitao <[email protected]>
AuthorDate: Wed Jan 17 15:08:29 2018 +0800

    Fix an failed assertion in HttpSM::parse_range_and_compare
    
    Signed-off-by: fengshuaitao <[email protected]>
---
 proxy/http/HttpSM.cc | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc
index 18dad8e..08482eb 100644
--- a/proxy/http/HttpSM.cc
+++ b/proxy/http/HttpSM.cc
@@ -4231,6 +4231,8 @@ HttpSM::parse_range_and_compare(MIMEField *field, int64_t 
content_length)
   const char *s, *e, *tmp;
   RangeRecord *ranges = nullptr;
   int64_t start, end;
+  int64_t cutoff = INT64_MAX / 10;
+  int64_t cutlim = INT64_MAX % 10;
 
   ink_assert(field != nullptr && t_state.range_setup == 
HttpTransact::RANGE_NONE && t_state.ranges == nullptr);
 
@@ -4287,6 +4289,12 @@ HttpSM::parse_range_and_compare(MIMEField *field, 
int64_t content_length)
       start = -1;
     } else {
       for (start = 0; s < e && *s >= '0' && *s <= '9'; ++s) {
+        // check the int64 overflow in case of high gcc with O3 option
+        // thinking the start is always positive
+        if (start >= cutoff && (start > cutoff || *s - '0' > cutlim)) {
+          t_state.range_setup = HttpTransact::RANGE_NONE;
+          goto Lfaild;
+        }
         start = start * 10 + (*s - '0');
       }
       // skip last white spaces
@@ -4319,6 +4327,12 @@ HttpSM::parse_range_and_compare(MIMEField *field, 
int64_t content_length)
       end = content_length - 1;
     } else {
       for (end = 0; s < e && *s >= '0' && *s <= '9'; ++s) {
+        // check the int64 overflow in case of high gcc with O3 option
+        // thinking the start is always positive
+        if (end >= cutoff && (end > cutoff || *s - '0' > cutlim)) {
+          t_state.range_setup = HttpTransact::RANGE_NONE;
+          goto Lfaild;
+        }
         end = end * 10 + (*s - '0');
       }
       // skip last white spaces

Reply via email to