#732 closed defect (fixed)
Signed integer overflows
| Reported by: | Paweł Krawczyk | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | nginx-core | Version: | 1.7.x |
| Keywords: | Cc: | ||
| uname -a: | Linux kautsky 3.13.0-39-generic #66-Ubuntu SMP Tue Oct 28 13:31:23 UTC 2014 i686 athlon i686 GNU/Linux | ||
| nginx -V: |
nginx version: nginx/1.7.10
built by gcc 4.9.2 (Ubuntu 4.9.2-0ubuntu1~14.04) TLS SNI support enabled configure arguments: --with-http_ssl_module --with-http_spdy_module --with-http_realip_module --with-http_gzip_static_module --with-http_geoip_module --with-ipv6 --with-cc-opt='-fsanitize=address -fsanitize=leak -fsanitize=undefined -fstack-protector-all -Wl,-z,relro -Wl,-z,now -fPIE -pie -D_FORTIFY_SOURCE=2 -O4 -march=x86-64 -flto' --with-ld-opt='-fsanitize=address -fsanitize=leak -fsanitize=undefined -fstack-protector-all -Wl,-z,relro -Wl,-z,now -fPIE -pie -O4 -march=x86-64 -flto' --add-module=lua-nginx-module --add-module=ngx_devel_kit |
||
Description
Nginx compiled with GCC sanitizers reports the following issues:
src/core/ngx_parse.c:127:27: runtime error: signed integer overflow: 259200000 * 10 cannot be represented in type 'int'
src/core/ngx_parse.c:245:30: runtime error: signed integer overflow: -1702967296 * 1000 cannot be represented in type 'int'
# nginx -V
Change History (4)
comment:1 by , 10 years ago
| Status: | new → accepted |
|---|
comment:2 by , 10 years ago
comment:3 by , 10 years ago
| Resolution: | → fixed |
|---|---|
| Status: | accepted → closed |
Note:
See TracTickets
for help on using tickets.
In 429a8c65f0a742f60b80912f1ed7b669f508e34a/nginx: