Parenthesized ASCII-related calculations.

This also fixes potential undefined behaviour in the range and slice filter modules, caused by local overflows of signed integers in expressions.
author: Valentin Bartenev <vbart@nginx.com> 2017-07-17 17:23:51 +0300
committer: Valentin Bartenev <vbart@nginx.com> 2017-07-17 17:23:51 +0300
commit: 9197a3c8741a8832e6f6ed24a72dc5b078d840fd (patch)
tree: 43e64c8410806c986a6b331cf4bba4b9898b5c86 /src/http/ngx_http_parse.c
parent: 7b06d9c326f3e24a9d1402a5d3d4b539febdf64b (diff)
download: nginx-9197a3c8741a8832e6f6ed24a72dc5b078d840fd.tar.gz
nginx-9197a3c8741a8832e6f6ed24a72dc5b078d840fd.zip
1 files changed, 7 insertions, 7 deletions
diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c
index e8e51563f..844054c9d 100644
--- a/src/http/ngx_http_parse.c
+++ b/src/http/ngx_http_parse.c
@@ -742,7 +742,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
                 return NGX_HTTP_PARSE_INVALID_REQUEST;
             }
 
-            r->http_major = r->http_major * 10 + ch - '0';
+            r->http_major = r->http_major * 10 + (ch - '0');
 
             if (r->http_major > 1) {
                 return NGX_HTTP_PARSE_INVALID_VERSION;
@@ -784,7 +784,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
                 return NGX_HTTP_PARSE_INVALID_REQUEST;
             }
 
-            r->http_minor = r->http_minor * 10 + ch - '0';
+            r->http_minor = r->http_minor * 10 + (ch - '0');
             break;
 
         case sw_spaces_after_digit:
@@ -1518,7 +1518,7 @@ ngx_http_parse_complex_uri(ngx_http_request_t *r, ngx_uint_t merge_slashes)
 
         case sw_quoted_second:
             if (ch >= '0' && ch <= '9') {
-                ch = (u_char) ((decoded << 4) + ch - '0');
+                ch = (u_char) ((decoded << 4) + (ch - '0'));
 
                 if (ch == '%' || ch == '#') {
                     state = sw_usual;
@@ -1536,7 +1536,7 @@ ngx_http_parse_complex_uri(ngx_http_request_t *r, ngx_uint_t merge_slashes)
 
             c = (u_char) (ch | 0x20);
             if (c >= 'a' && c <= 'f') {
-                ch = (u_char) ((decoded << 4) + c - 'a' + 10);
+                ch = (u_char) ((decoded << 4) + (c - 'a') + 10);
 
                 if (ch == '?') {
                     state = sw_usual;
@@ -1701,7 +1701,7 @@ ngx_http_parse_status_line(ngx_http_request_t *r, ngx_buf_t *b,
                 return NGX_ERROR;
             }
 
-            r->http_major = r->http_major * 10 + ch - '0';
+            r->http_major = r->http_major * 10 + (ch - '0');
             break;
 
         /* the first digit of minor HTTP version */
@@ -1729,7 +1729,7 @@ ngx_http_parse_status_line(ngx_http_request_t *r, ngx_buf_t *b,
                 return NGX_ERROR;
             }
 
-            r->http_minor = r->http_minor * 10 + ch - '0';
+            r->http_minor = r->http_minor * 10 + (ch - '0');
             break;
 
         /* HTTP status code */
@@ -1742,7 +1742,7 @@ ngx_http_parse_status_line(ngx_http_request_t *r, ngx_buf_t *b,
                 return NGX_ERROR;
             }
 
-            status->code = status->code * 10 + ch - '0';
+            status->code = status->code * 10 + (ch - '0');
 
             if (++status->count == 3) {
                 state = sw_space_after_status;
author	Valentin Bartenev <vbart@nginx.com>	2017-07-17 17:23:51 +0300
committer	Valentin Bartenev <vbart@nginx.com>	2017-07-17 17:23:51 +0300
commit	9197a3c8741a8832e6f6ed24a72dc5b078d840fd (patch)
tree	43e64c8410806c986a6b331cf4bba4b9898b5c86 /src/http/ngx_http_parse.c
parent	7b06d9c326f3e24a9d1402a5d3d4b539febdf64b (diff)
download	nginx-9197a3c8741a8832e6f6ed24a72dc5b078d840fd.tar.gz nginx-9197a3c8741a8832e6f6ed24a72dc5b078d840fd.zip