This is an automated email from the ASF dual-hosted git repository. bcall pushed a commit to branch 8.0.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit cad19dfd0304e9206e4f1b0d0d7e41c2db081b49 Author: fengshuaitao <fengshuai...@bytedance.com> AuthorDate: Wed Jan 17 15:08:29 2018 +0800 Fix an failed assertion in HttpSM::parse_range_and_compare Signed-off-by: fengshuaitao <fengshuai...@bytedance.com> (cherry picked from commit 8046477d6c871be61a9d2ec6b41f2524a3fde699) --- proxy/http/HttpSM.cc | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc index ccc2d01..8d434d8 100644 --- a/proxy/http/HttpSM.cc +++ b/proxy/http/HttpSM.cc @@ -4170,6 +4170,8 @@ HttpSM::parse_range_and_compare(MIMEField *field, int64_t content_length) const char *s, *e, *tmp; RangeRecord *ranges = nullptr; int64_t start, end; + int64_t cutoff = INT64_MAX / 10; + int64_t cutlim = INT64_MAX % 10; ink_assert(field != nullptr && t_state.range_setup == HttpTransact::RANGE_NONE && t_state.ranges == nullptr); @@ -4226,6 +4228,12 @@ HttpSM::parse_range_and_compare(MIMEField *field, int64_t content_length) start = -1; } else { for (start = 0; s < e && *s >= '0' && *s <= '9'; ++s) { + // check the int64 overflow in case of high gcc with O3 option + // thinking the start is always positive + if (start >= cutoff && (start > cutoff || *s - '0' > cutlim)) { + t_state.range_setup = HttpTransact::RANGE_NONE; + goto Lfaild; + } start = start * 10 + (*s - '0'); } // skip last white spaces @@ -4258,6 +4266,12 @@ HttpSM::parse_range_and_compare(MIMEField *field, int64_t content_length) end = content_length - 1; } else { for (end = 0; s < e && *s >= '0' && *s <= '9'; ++s) { + // check the int64 overflow in case of high gcc with O3 option + // thinking the start is always positive + if (end >= cutoff && (end > cutoff || *s - '0' > cutlim)) { + t_state.range_setup = HttpTransact::RANGE_NONE; + goto Lfaild; + } end = end * 10 + (*s - '0'); } // skip last white spaces