On Saturday, 10 November 2018 15:16:35 MSK wy7980 wrote:
> # HG changeset patch
> # User wy7980 <wy7...@gmail.com>
> # Date 1541824641 -28800
> # Sat Nov 10 12:37:21 2018 +0800
> # Node ID e93ac0fd29c1f49e7dd49ff5e1efd58c009d359a
> # Parent a2506436986ae9cf941fd9477aa77e28f501e11d
>
> fix bug of fmt overflow
>
> diff -r a2506436986a -r e93ac0fd29c1 src/core/ngx_string.c
> --- a/src/core/ngx_string.c Tue Nov 06 16:32:09 2018 +0300
> +++ b/src/core/ngx_string.c Sat Nov 10 12:37:21 2018 +0800
> @@ -172,8 +172,9 @@
> ngx_uint_t width, sign, hex, max_width, frac_width, scale,
> n;
> ngx_str_t *v;
> ngx_variable_value_t *vv;
> -
> - while (*fmt && buf < last) {
> + char *fmt_last = (char *)fmt + strlen(fmt);
> +
> + while (*fmt && buf < last && fmt < fmt_last) {
>
> /*
> * "buf < last" means that we could copy at least one character:
>
Could you clarify what bug you are trying to fix?
There should be no overflows unless you specified an incorrect format string.
wbr, Valentin V. Bartenev
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
