Skip to content

Commit

Permalink
Avoiding arithmetic ops with NULL pointer in nxt_http_arguments_parse
Browse files Browse the repository at this point in the history
Can be reproduced by test/test_variables.py::test_variables_dynamic_arguments
with enabled UndefinedBehaviorSanitizer:

src/nxt_http_request.c:961:17: runtime error: applying zero offset to null pointer
    #0 0x1050d95a4 in nxt_http_arguments_parse nxt_http_request.c:961
    #1 0x105102bf8 in nxt_http_var_arg nxt_http_variables.c:621
    #2 0x104f95d74 in nxt_var_interpreter nxt_var.c:507
    #3 0x104f98c98 in nxt_tstr_query nxt_tstr.c:265
    #4 0x1050abfd8 in nxt_router_access_log_writer nxt_router_access_log.c:194
    #5 0x1050d81f4 in nxt_http_request_close_handler nxt_http_request.c:838
    #6 0x104fcdc48 in nxt_event_engine_start nxt_event_engine.c:542
    #7 0x104fba838 in nxt_thread_trampoline nxt_thread.c:126
    #8 0x18133e030 in _pthread_start+0x84 (libsystem_pthread.dylib:arm64e+0x7030)
    #9 0x181338e38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1e38)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/nxt_http_request.c:961:17

Reviewed-by: Andrew Clayton <[email protected]>
  • Loading branch information
andrey-zelenkov committed Mar 11, 2024
1 parent 8844d33 commit 7dcd6c0
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions src/nxt_http_request.c
Original file line number Diff line number Diff line change
Expand Up @@ -946,6 +946,10 @@ nxt_http_arguments_parse(nxt_http_request_t *r)
return NULL;
}

if (nxt_slow_path(r->args->start == NULL)) {
goto end;
}

hash = NXT_HTTP_FIELD_HASH_INIT;
name = NULL;
name_length = 0;
Expand Down Expand Up @@ -1026,6 +1030,8 @@ nxt_http_arguments_parse(nxt_http_request_t *r)
}
}

end:

r->arguments = args;

return args;
Expand Down

0 comments on commit 7dcd6c0

Please sign in to comment.