]> git.kaiwu.me - nginx.git/commitdiff
projects / nginx.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: bd6d421)
Fixed signed integer overflows in timer code (ticket #145).
authorMaxim Dounin <mdounin@mdounin.ru>
Fri, 6 Apr 2012 23:46:09 +0000 (23:46 +0000)
committerMaxim Dounin <mdounin@mdounin.ru>
Fri, 6 Apr 2012 23:46:09 +0000 (23:46 +0000)
Integer overflow is undefined behaviour in C and this indeed caused
problems on Solaris/SPARC (at least in some cases).  Fix is to
subtract unsigned integers instead, and then cast result to a signed
one, which is implementation-defined behaviour and used to work.

Strictly speaking, we should compare (unsigned) result with the maximum
value of the corresponding signed integer type instead, this will be
defined behaviour.  This will require much more changes though, and
considered to be overkill for now.

src/core/ngx_rbtree.c patch | blob | history
src/event/ngx_event_timer.c patch | blob | history

diff --git a/src/core/ngx_rbtree.c b/src/core/ngx_rbtree.c
index 6ae4d5c05abb49594383f3347419490b71b58b18..914ca7e884b06b2ebbdc801ff6590923b6744168 100644 (file)
--- a/src/core/ngx_rbtree.c
+++ b/src/core/ngx_rbtree.c
@@ -136,8 +136,7 @@ ngx_rbtree_insert_timer_value(ngx_rbtree_node_t *temp, ngx_rbtree_node_t *node,
 
         /*  node->key < temp->key */
 
-        p = ((ngx_rbtree_key_int_t) node->key - (ngx_rbtree_key_int_t) temp->key
-              < 0)
+        p = ((ngx_rbtree_key_int_t) (node->key - temp->key) < 0)
             ? &temp->left : &temp->right;
 
         if (*p == sentinel) {
diff --git a/src/event/ngx_event_timer.c b/src/event/ngx_event_timer.c
index 7a8107209308ede4b796539055208bacf13b932b..177ac1cf113a06834fb7cf19f71a29249b7328e5 100644 (file)
--- a/src/event/ngx_event_timer.c
+++ b/src/event/ngx_event_timer.c
@@ -67,7 +67,7 @@ ngx_event_find_timer(void)
 
     ngx_mutex_unlock(ngx_event_timer_mutex);
 
-    timer = (ngx_msec_int_t) node->key - (ngx_msec_int_t) ngx_current_msec;
+    timer = (ngx_msec_int_t) (node->key - ngx_current_msec);
 
     return (ngx_msec_t) (timer > 0 ? timer : 0);
 }
@@ -95,8 +95,7 @@ ngx_event_expire_timers(void)
 
         /* node->key <= ngx_current_time */
 
-        if ((ngx_msec_int_t) node->key - (ngx_msec_int_t) ngx_current_msec <= 0)
-        {
+        if ((ngx_msec_int_t) (node->key - ngx_current_msec) <= 0) {
             ev = (ngx_event_t *) ((char *) node - offsetof(ngx_event_t, timer));
 
 #if (NGX_THREADS)
nginx upstream