HTTP/2: fixed possible buffer overrun (ticket #893).
authorValentin Bartenev <vbart@nginx.com>
Thu, 4 Feb 2016 15:01:04 +0000 (18:01 +0300)
committerValentin Bartenev <vbart@nginx.com>
Thu, 4 Feb 2016 15:01:04 +0000 (18:01 +0300)
Due to the higher precedence of the binary plus operator over the ternary
operator, the expression didn't work as expected.  That might result in
allocating one byte less than needed for the HEADERS frame buffer.

src/http/v2/ngx_http_v2_filter_module.c

index ed30fe56628597483b47ee17c73c9c1ff909e612..ea5897945cae53a7e20732393d9a9b6421518cee 100644 (file)
@@ -215,8 +215,8 @@ ngx_http_v2_header_filter(ngx_http_request_t *r)
     clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
 
     if (r->headers_out.server == NULL) {
-        len += 1 + clcf->server_tokens ? ngx_http_v2_literal_size(NGINX_VER)
-                                       : ngx_http_v2_literal_size("nginx");
+        len += 1 + (clcf->server_tokens ? ngx_http_v2_literal_size(NGINX_VER)
+                                        : ngx_http_v2_literal_size("nginx"));
     }
 
     if (r->headers_out.date == NULL) {
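Review bot: The `1 +` in the Server-header branch is still an unexplained constant in the sum that sizes the HEADERS frame buffer, so nothing in the code tells a reader which grouping is intended. A comment above the statement, such as `/* 1 byte for the header name index, plus the encoded literal value */`, would document it; that reading of the byte is presumed and should be confirmed against the encoding code. The code that allocates from `len` and writes the headers lies outside this hunk, so the corrected size cannot be checked against the write path here. Because an under-count becomes a write past the allocation, a debug-time check after encoding that the write position has not passed the end of the buffer would catch a future mismatch early. The other `len +=` branches of ngx_http_v2_header_filter, which starts and ends outside the hunk, are worth scanning for the same `+ ... ? :` pattern.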