From 830d7e05613e554c67fb3bc81b67dad6e1ece72d Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Sun, 14 Feb 2021 13:05:15 -0500 Subject: [PATCH] [core] fix -fsanitize=undefined pedantic warning (fixes #3069) cast to unsigned before << 4 to avoid (pedantic) undefined behavior of (time_t) (which is signed integral type) on 32-bit signed time_t The high bit gets shifted into the sign-bit, which is technically undefined behavior in C, but is defined behavior in C++. x-ref: "pedantic warning from -fsanitize=undefined" https://redmine.lighttpd.net/issues/3069 --- src/mod_auth.c | 2 +- src/mod_secdownload.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/mod_auth.c b/src/mod_auth.c index a3b43748..943c2f9a 100644 --- a/src/mod_auth.c +++ b/src/mod_auth.c @@ -1386,7 +1386,7 @@ static handler_t mod_auth_check_digest(request_st * const r, void *p_d, const st time_t ts = 0; const unsigned char * const nonce_uns = (unsigned char *)nonce; for (i = 0; i < 8 && light_isxdigit(nonce_uns[i]); ++i) { - ts = (ts << 4) + hex2int(nonce_uns[i]); + ts =(time_t)((uint32_t)ts << 4) + hex2int(nonce_uns[i]); } const time_t cur_ts = log_epoch_secs; if (nonce[i] != ':' diff --git a/src/mod_secdownload.c b/src/mod_secdownload.c index f4845871..b6f842a0 100644 --- a/src/mod_secdownload.c +++ b/src/mod_secdownload.c @@ -642,7 +642,7 @@ URIHANDLER_FUNC(mod_secdownload_uri_handler) { if (*(ts_str + 8) != '/') return HANDLER_GO_ON; for (i = 0; i < 8; i++) { - ts = (ts << 4) + hex2int(ts_str[i]); + ts = (time_t)((uint32_t)ts << 4) + hex2int(ts_str[i]); } const time_t cur_ts = log_epoch_secs;