Browse Source

[core] fix -fsanitize=undefined pedantic warning (fixes #3069)

cast to unsigned before << 4 to avoid (pedantic) undefined behavior
of (time_t) (which is signed integral type) on 32-bit signed time_t
The high bit gets shifted into the sign-bit, which is technically
undefined behavior in C, but is defined behavior in C++.

x-ref:
  "pedantic warning from -fsanitize=undefined"
  https://redmine.lighttpd.net/issues/3069
master
Glenn Strauss 3 months ago
parent
commit
830d7e0561
  1. 2
      src/mod_auth.c
  2. 2
      src/mod_secdownload.c

2
src/mod_auth.c

@ -1386,7 +1386,7 @@ static handler_t mod_auth_check_digest(request_st * const r, void *p_d, const st
time_t ts = 0;
const unsigned char * const nonce_uns = (unsigned char *)nonce;
for (i = 0; i < 8 && light_isxdigit(nonce_uns[i]); ++i) {
ts = (ts << 4) + hex2int(nonce_uns[i]);
ts =(time_t)((uint32_t)ts << 4) + hex2int(nonce_uns[i]);
}
const time_t cur_ts = log_epoch_secs;
if (nonce[i] != ':'

2
src/mod_secdownload.c

@ -642,7 +642,7 @@ URIHANDLER_FUNC(mod_secdownload_uri_handler) {
if (*(ts_str + 8) != '/') return HANDLER_GO_ON;
for (i = 0; i < 8; i++) {
ts = (ts << 4) + hex2int(ts_str[i]);
ts = (time_t)((uint32_t)ts << 4) + hex2int(ts_str[i]);
}
const time_t cur_ts = log_epoch_secs;

Loading…
Cancel
Save