Re: [hackers] [quark][PATCH] Fix overflow when calling strtonum in parse_range

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Laslo Hunhold <dev_AT_frign.de>
Date: Sat, 31 Oct 2020 23:27:04 +0100

On Sat, 31 Oct 2020 21:58:26 +0000
José Miguel Sánchez García <soy.jmi2k_AT_gmail.com> wrote:

Dear José,

> The value passed as maxval, SIZE_MAX, doesn't fit on a long long int
> due to signedness. It was causing legitimate range request to be
> discarded as bad.
>
> I tested it serving an mp4 and opening it with Firefox. A "range=0-"
> was requested, and it triggered the bug.

this is a great catch, thanks! But wouldn't it be better to use
MIN(SIZE_MAX, LLONG_MAX)?

I haven't found anything in the standard that puts "long long" and
"size_t" into any relation, which means, for me, that any case is
possible where either value could be larger, but please correct me if
I'm wrong.

With best regards

Laslo
Received on Sat Oct 31 2020 - 23:27:04 CET

This archive was generated by hypermail 2.3.0 : Sat Oct 31 2020 - 23:36:31 CET