http2: fix potential integer overflow #42248

Merged
merged 1 commit into from Mar 10, 2022
Member

@mhdawson mhdawson commented Mar 7, 2022

Fix report from coverity on potential integer overflow
in http2.

Signed-off-by: Michael Dawson mdawson@devrus.com

@nodejs-github-bot nodejs-github-bot added c++ http2 needs-ci labels Mar 7, 2022
Author

@mhdawson mhdawson commented Mar 7, 2022

This is the original coverity report

CID 239979 (#1 of 1): Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)
overflow_before_widen: Potentially overflowing expression node::AliasedBufferBase<unsigned int, v8::Uint32Array, void>::Reference(buffer[node::http2::IDX_OPTIONS_MAX_SESSION_MEMORY]).operator uint32_t() * 1000000U with type unsigned int (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type uint64_t (64 bits, unsigned).
To avoid overflow, cast either node::AliasedBufferBase<unsigned int, v8::Uint32Array, void>::Reference(buffer[node::http2::IDX_OPTIONS_MAX_SESSION_MEMORY]).operator uint32_t() or 1000000U to type uint64_t.
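
The pattern named in the Coverity report above, shown as an added C++ example that is not code from this pull request or from Node.js. The function names are hypothetical; only the `1000000U` scale factor and the 32-bit option type come from the report, and the example assumes the common case where `uint32_t` is `unsigned int`.

```cpp
// Added illustration; function names are hypothetical, not Node.js source.
#include <cstdint>
#include <cstdio>
#include <limits>
#include <type_traits>

// Scale factor taken from the Coverity report (the `1000000U` operand).
constexpr uint32_t kScale = 1000000U;

// Both operands are 32-bit unsigned, so the product has that type as well.
static_assert(std::is_same<decltype(uint32_t{1} * kScale), uint32_t>::value,
              "product is computed in 32 bits");

// Flagged pattern (OVERFLOW_BEFORE_WIDEN): multiply in 32 bits, then widen.
uint64_t limit_narrow(uint32_t option_value) {
  return option_value * kScale;  // wraps modulo 2^32 before the conversion
}

// Remedy the report suggests: widen one operand so the multiply is 64-bit.
uint64_t limit_widened(uint32_t option_value) {
  return static_cast<uint64_t>(option_value) * kScale;
}

// Smallest option value for which the two forms disagree.
uint32_t first_wrapping_value() {
  return std::numeric_limits<uint32_t>::max() / kScale + 1;
}

int main() {
  // Constructed sample option values: two safe, two past the wrap point.
  const uint32_t samples[] = {10, 4294, first_wrapping_value(), 100000};
  for (uint32_t v : samples) {
    std::printf("%8u -> narrow=%llu widened=%llu\n", v,
                static_cast<unsigned long long>(limit_narrow(v)),
                static_cast<unsigned long long>(limit_widened(v)));
  }
  return 0;
}
```

Past the wrap point the narrow form yields a limit far smaller than the one configured, which is why the cast has to be applied to an operand rather than to the finished product.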

Member

@mcollina mcollina left a comment

lgtm

@VoltrexMaster VoltrexMaster added the request-ci label Mar 8, 2022
@github-actions github-actions bot removed the request-ci label Mar 8, 2022
@mcollina mcollina added author ready commit-queue and removed needs-ci labels Mar 10, 2022
@nodejs-github-bot nodejs-github-bot removed the commit-queue label Mar 10, 2022
@nodejs-github-bot nodejs-github-bot merged commit 82342c2 into nodejs:master Mar 10, 2022
64 checks passed

@nodejs-github-bot nodejs-github-bot commented Mar 10, 2022

Landed in 82342c2

bengl pushed a commit that referenced this issue Mar 21, 2022
Fix report from coverity on potential integer overflow
in http2.

Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: #42248
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
@bengl bengl mentioned this pull request Mar 21, 2022
danielleadams pushed a commit to danielleadams/node that referenced this issue Apr 21, 2022
danielleadams pushed a commit that referenced this issue Apr 24, 2022
xtx1130 pushed a commit to xtx1130/node that referenced this issue Apr 25, 2022