diff options
author | Andrei Zeliankou <zelenkov@nginx.com> | 2024-01-31 15:20:33 +0000 |
---|---|---|
committer | andrey-zelenkov <xim.andrew@gmail.com> | 2024-03-11 16:51:35 +0000 |
commit | 7dcd6c0ebacab6d78ecc34cbac347ef46f79f479 (patch) | |
tree | f573547282814feb71178e04a6868d340e4485cb | |
parent | 8844d33c0aba5b6232366a1fcfbf2f8f866c2f53 (diff) | |
download | unit-7dcd6c0ebacab6d78ecc34cbac347ef46f79f479.tar.gz unit-7dcd6c0ebacab6d78ecc34cbac347ef46f79f479.tar.bz2 |
Avoiding arithmetic ops with NULL pointer in nxt_http_arguments_parse
Can be reproduced by test/test_variables.py::test_variables_dynamic_arguments
with enabled UndefinedBehaviorSanitizer:
src/nxt_http_request.c:961:17: runtime error: applying zero offset to null pointer
#0 0x1050d95a4 in nxt_http_arguments_parse nxt_http_request.c:961
#1 0x105102bf8 in nxt_http_var_arg nxt_http_variables.c:621
#2 0x104f95d74 in nxt_var_interpreter nxt_var.c:507
#3 0x104f98c98 in nxt_tstr_query nxt_tstr.c:265
#4 0x1050abfd8 in nxt_router_access_log_writer nxt_router_access_log.c:194
#5 0x1050d81f4 in nxt_http_request_close_handler nxt_http_request.c:838
#6 0x104fcdc48 in nxt_event_engine_start nxt_event_engine.c:542
#7 0x104fba838 in nxt_thread_trampoline nxt_thread.c:126
#8 0x18133e030 in _pthread_start+0x84 (libsystem_pthread.dylib:arm64e+0x7030)
#9 0x181338e38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1e38)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/nxt_http_request.c:961:17
Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
-rw-r--r-- | src/nxt_http_request.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/nxt_http_request.c b/src/nxt_http_request.c index f8d8d887..425a4607 100644 --- a/src/nxt_http_request.c +++ b/src/nxt_http_request.c @@ -946,6 +946,10 @@ nxt_http_arguments_parse(nxt_http_request_t *r) return NULL; } + if (nxt_slow_path(r->args->start == NULL)) { + goto end; + } + hash = NXT_HTTP_FIELD_HASH_INIT; name = NULL; name_length = 0; @@ -1026,6 +1030,8 @@ nxt_http_arguments_parse(nxt_http_request_t *r) } } +end: + r->arguments = args; return args; |