mirror of
git://git.openembedded.org/meta-openembedded
synced 2026-04-02 02:49:12 +00:00
bb5f304e15
The NEON SIMD fast path in the bundled llhttp calls __builtin_ctzll(match_mask) without checking if match_mask is zero. When all 16 bytes in a NEON register are valid header value characters, match_mask is 0. Calling __builtin_ctzll(0) is undefined behavior. GCC at -O2 exploits this by optimizing "if (match_len != 16)" to always-true, causing HTTP 400 Bad Request for any header value longer than 16 characters on ARM targets with NEON enabled. Fix by explicitly checking for match_mask == 0 and setting match_len = 16. This bug affects both aarch64 and armv7 NEON targets. The code this patch modifies is generated, so the patch itself isn't suitable for upstream submission, as the root cause of the error is in the generator itself. The fix has been merged upstream[1] in llparse 7.3.1 and is included in llhttp 9.3.1. This patch can be dropped when nodejs updates its bundled llhttp to >= 9.3.1. [1]: https://github.com/nodejs/llparse/pull/83 Signed-off-by: Telukula Jeevan Kumar Sahu <j-sahu@ti.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
Collection of layers for the OE-core universe
Main layer maintainer: Khem Raj raj.khem@gmail.com
This repository is a collection of layers to supplement OE-Core with additional packages, Each layer have designated maintainer Please see the respective READMEs in the layer subdirectories