]> git.kaiwu.me - nginx.git/commitdiff
projects / nginx.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 38236bf)
QUIC: ngx_msec_t overflow protection.
authorRoman Arutyunyan <arut@nginx.com>
Mon, 10 Mar 2025 08:19:25 +0000 (12:19 +0400)
committerRoman Arutyunyan <arutyunyan.roman@gmail.com>
Tue, 15 Apr 2025 15:01:36 +0000 (19:01 +0400)
On some systems the value of ngx_current_msec is derived from monotonic
clock, for which the following is defined by POSIX:

   For this clock, the value returned by clock_gettime() represents
   the amount of time (in seconds and nanoseconds) since an unspecified
   point in the past.

As as result, overflow protection is needed when comparing two ngx_msec_t.
The change adds such protection to the ngx_quic_detect_lost() function.

src/event/quic/ngx_event_quic_ack.c patch | blob | history

diff --git a/src/event/quic/ngx_event_quic_ack.c b/src/event/quic/ngx_event_quic_ack.c
index 29c5bfed19df1c35ecb8f388341f24bcebe5cc3b..a6f34348b7fd82b9f56d96bb0520e7ce000001b8 100644 (file)
--- a/src/event/quic/ngx_event_quic_ack.c
+++ b/src/event/quic/ngx_event_quic_ack.c
@@ -449,9 +449,10 @@ ngx_quic_detect_lost(ngx_connection_t *c, ngx_quic_ack_stat_t *st)
     now = ngx_current_msec;
     thr = ngx_quic_lost_threshold(qc);
 
-    /* send time of lost packets across all send contexts */
-    oldest = NGX_TIMER_INFINITE;
-    newest = NGX_TIMER_INFINITE;
+#if (NGX_SUPPRESS_WARN)
+    oldest = now;
+    newest = now;
+#endif
 
     nlost = 0;
 
@@ -484,13 +485,17 @@ ngx_quic_detect_lost(ngx_connection_t *c, ngx_quic_ack_stat_t *st)
                 break;
             }
 
-            if (start->send_time > qc->first_rtt) {
+            if ((ngx_msec_int_t) (start->send_time - qc->first_rtt) > 0) {
 
-                if (oldest == NGX_TIMER_INFINITE || start->send_time < oldest) {
+                if (nlost == 0
+                    || (ngx_msec_int_t) (start->send_time - oldest) < 0)
+                {
                     oldest = start->send_time;
                 }
 
-                if (newest == NGX_TIMER_INFINITE || start->send_time > newest) {
+                if (nlost == 0
+                    || (ngx_msec_int_t) (start->send_time - newest) > 0)
+                {
                     newest = start->send_time;
                 }
 
@@ -511,8 +516,9 @@ ngx_quic_detect_lost(ngx_connection_t *c, ngx_quic_ack_stat_t *st)
      * latest ACK frame.
      */
 
-    if (st && nlost >= 2 && (st->newest < oldest || st->oldest > newest)) {
-
+    if (st && nlost >= 2 && ((ngx_msec_int_t) (st->newest - oldest) < 0
+                             || (ngx_msec_int_t) (st->oldest - newest) > 0))
+    {
         if (newest - oldest > ngx_quic_pcg_duration(c)) {
             ngx_quic_persistent_congestion(c);
         }
nginx upstream