Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#732 closed defect (fixed)

Signed integer overflows

Reported by: www.google.com/accounts/o8/id?id=AItOawnyGGRJGHmNQJw4PKnyQShBk0decuhCa3Y Owned by:
Priority: minor Milestone:
Component: nginx-core Version: 1.7.x
Keywords: Cc:
uname -a: Linux kautsky 3.13.0-39-generic #66-Ubuntu SMP Tue Oct 28 13:31:23 UTC 2014 i686 athlon i686 GNU/Linux
nginx -V: nginx version: nginx/1.7.10 built by gcc 4.9.2 (Ubuntu 4.9.2-0ubuntu1~14.04) TLS SNI support enabled configure arguments: --with-http_ssl_module --with-http_spdy_module --with-http_realip_module --with-http_gzip_static_module --with-http_geoip_module --with-ipv6 --with-cc-opt='-fsanitize=address -fsanitize=leak -fsanitize=undefined -fstack-protector-all -Wl,-z,relro -Wl,-z,now -fPIE -pie -D_FORTIFY_SOURCE=2 -O4 -march=x86-64 -flto' --with-ld-opt='-fsanitize=address -fsanitize=leak -fsanitize=undefined -fstack-protector-all -Wl,-z,relro -Wl,-z,now -fPIE -pie -O4 -march=x86-64 -flto' --add-module=lua-nginx-module --add-module=ngx_devel_kit

Description

Nginx compiled with GCC sanitizers reports the following issues:

src/core/ngx_parse.c:127:27: runtime error: signed integer overflow: 259200000 * 10 cannot be represented in type 'int'
src/core/ngx_parse.c:245:30: runtime error: signed integer overflow: -1702967296 * 1000 cannot be represented in type 'int'

# nginx -V

Change History (4)

comment:1 Changed 5 years ago by ru

  • Status changed from new to accepted

comment:2 Changed 5 years ago by Ruslan Ermilov <ru@…>

In 429a8c65f0a742f60b80912f1ed7b669f508e34a/nginx:

Core: overflow detection in ngx_parse_time() (ticket #732).

comment:3 Changed 5 years ago by ru

  • Resolution set to fixed
  • Status changed from accepted to closed

comment:4 Changed 5 years ago by Ruslan Ermilov <ru@…>

In 8ec0f199cc81d57a161ac8d87523232b3dc12ed8/nginx:

Core: overflow detection in ngx_parse_time() (ticket #732).

Note: See TracTickets for help on using tickets.