Ruby: Prevent a possible integer underflow

Coverity picked up a potential issue with the previous commit d9f5f1fb7
("Ruby: Handle response field arrays") in that a size_t could wrap
around to SIZE_MAX - 1.

This would happen if we were given an empty array of header values.

Fixes: d9f5f1fb7 ("Ruby: Handle response field arrays")
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>

1 files changed, 8 insertions, 2 deletions

diff --git a/src/ruby/nxt_ruby.c b/src/ruby/nxt_ruby.c
index 3a019c36..27b868fe 100644
--- a/src/ruby/nxt_ruby.c
+++ b/src/ruby/nxt_ruby.c
@@ -914,8 +914,12 @@ nxt_ruby_hash_info(VALUE r_key, VALUE r_value, VALUE arg)
             len += RSTRING_LEN(item) + 2;   /* +2 for '; ' */
         }
 
+        if (arr_len > 0) {
+            len -= 2;
+        }
+
         headers_info->fields++;
-        headers_info->size += RSTRING_LEN(r_key) + len - 2;
+        headers_info->size += RSTRING_LEN(r_key) + len;
 
         return ST_CONTINUE;
     }
@@ -994,7 +998,9 @@ nxt_ruby_hash_add(VALUE r_key, VALUE r_value, VALUE arg)
             p = nxt_cpymem(p, "; ", 2);
         }
 
-        len -= 2;
+        if (arr_len > 0) {
+            len -= 2;
+        }
 
         *rc = nxt_unit_response_add_field(headers_info->req,
                                           RSTRING_PTR(r_key), key_len,