mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-27 16:51:30 +02:00
Code Issues Projects Releases Wiki Activity

MINOR: quic: Possible overflow in qpack_get_varint()

Browse Source 
This should fix CID 375051 in GH 1536 where a signed integer expression (1 << bit)
which could overflow was compared to a uint64_t.
This commit is contained in:
Frédéric Lécaille 2022-02-02 14:56:23 +01:00 committed by Amaury Denoyelle
parent ce2ecc9643
commit 6842485a84
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/qpack-dec.c
View File

@ -67,8 +67,8 @@ static uint64_t qpack_get_varint(const unsigned char **buf, uint64_t *len_in, in
uint8_t shift = 0; uint8_t shift = 0;
len--; len--;
ret = *raw++ & ((1 << b) - 1); ret = *raw++ & ((1ULL << b) - 1);
if (ret != (uint64_t)((1 << b) - 1)) if (ret != (uint64_t)((1ULL << b) - 1))
goto end; goto end;
while (len && (*raw & 128)) { while (len && (*raw & 128)) {