summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorAndrei Zeliankou <zelenkov@nginx.com>2024-01-31 15:20:33 +0000
committerandrey-zelenkov <xim.andrew@gmail.com>2024-03-11 16:51:35 +0000
commit7dcd6c0ebacab6d78ecc34cbac347ef46f79f479 (patch)
treef573547282814feb71178e04a6868d340e4485cb
parent8844d33c0aba5b6232366a1fcfbf2f8f866c2f53 (diff)
downloadunit-7dcd6c0ebacab6d78ecc34cbac347ef46f79f479.tar.gz
unit-7dcd6c0ebacab6d78ecc34cbac347ef46f79f479.tar.bz2
Avoiding arithmetic ops with NULL pointer in nxt_http_arguments_parse
Can be reproduced by test/test_variables.py::test_variables_dynamic_arguments with enabled UndefinedBehaviorSanitizer: src/nxt_http_request.c:961:17: runtime error: applying zero offset to null pointer #0 0x1050d95a4 in nxt_http_arguments_parse nxt_http_request.c:961 #1 0x105102bf8 in nxt_http_var_arg nxt_http_variables.c:621 #2 0x104f95d74 in nxt_var_interpreter nxt_var.c:507 #3 0x104f98c98 in nxt_tstr_query nxt_tstr.c:265 #4 0x1050abfd8 in nxt_router_access_log_writer nxt_router_access_log.c:194 #5 0x1050d81f4 in nxt_http_request_close_handler nxt_http_request.c:838 #6 0x104fcdc48 in nxt_event_engine_start nxt_event_engine.c:542 #7 0x104fba838 in nxt_thread_trampoline nxt_thread.c:126 #8 0x18133e030 in _pthread_start+0x84 (libsystem_pthread.dylib:arm64e+0x7030) #9 0x181338e38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1e38) SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/nxt_http_request.c:961:17 Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
-rw-r--r--src/nxt_http_request.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/nxt_http_request.c b/src/nxt_http_request.c
index f8d8d887..425a4607 100644
--- a/src/nxt_http_request.c
+++ b/src/nxt_http_request.c
@@ -946,6 +946,10 @@ nxt_http_arguments_parse(nxt_http_request_t *r)
return NULL;
}
+ if (nxt_slow_path(r->args->start == NULL)) {
+ goto end;
+ }
+
hash = NXT_HTTP_FIELD_HASH_INIT;
name = NULL;
name_length = 0;
@@ -1026,6 +1030,8 @@ nxt_http_arguments_parse(nxt_http_request_t *r)
}
}
+end:
+
r->arguments = args;
return args;