Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#732 closed defect (fixed)

Signed integer overflows

Reported by: Paweł Krawczyk Owned by:
Priority: minor Milestone:
Component: nginx-core Version: 1.7.x
Keywords: Cc:
uname -a: Linux kautsky 3.13.0-39-generic #66-Ubuntu SMP Tue Oct 28 13:31:23 UTC 2014 i686 athlon i686 GNU/Linux
nginx -V: nginx version: nginx/1.7.10
built by gcc 4.9.2 (Ubuntu 4.9.2-0ubuntu1~14.04)
TLS SNI support enabled
configure arguments: --with-http_ssl_module --with-http_spdy_module --with-http_realip_module --with-http_gzip_static_module --with-http_geoip_module --with-ipv6 --with-cc-opt='-fsanitize=address -fsanitize=leak -fsanitize=undefined -fstack-protector-all -Wl,-z,relro -Wl,-z,now -fPIE -pie -D_FORTIFY_SOURCE=2 -O4 -march=x86-64 -flto' --with-ld-opt='-fsanitize=address -fsanitize=leak -fsanitize=undefined -fstack-protector-all -Wl,-z,relro -Wl,-z,now -fPIE -pie -O4 -march=x86-64 -flto' --add-module=lua-nginx-module --add-module=ngx_devel_kit

Description

Nginx compiled with GCC sanitizers reports the following issues:

src/core/ngx_parse.c:127:27: runtime error: signed integer overflow: 259200000 * 10 cannot be represented in type 'int'
src/core/ngx_parse.c:245:30: runtime error: signed integer overflow: -1702967296 * 1000 cannot be represented in type 'int'

# nginx -V

Change History (4)

comment:1 by Ruslan Ermilov, 10 years ago

Status: newaccepted

comment:2 by Ruslan Ermilov <ru@…>, 10 years ago

In 429a8c65f0a742f60b80912f1ed7b669f508e34a/nginx:

Core: overflow detection in ngx_parse_time() (ticket #732).

comment:3 by Ruslan Ermilov, 10 years ago

Resolution: fixed
Status: acceptedclosed

comment:4 by Ruslan Ermilov <ru@…>, 10 years ago

In 8ec0f199cc81d57a161ac8d87523232b3dc12ed8/nginx:

Core: overflow detection in ngx_parse_time() (ticket #732).

Note: See TracTickets for help on using tickets.