Subtract don't add, avoid overflow

benaadams · benaadams · commit 0d11a89c7c54 · 2017-01-22T23:53:20.000Z
diff --git a/src/Microsoft.AspNetCore.Server.Kestrel/Internal/Http/FrameHeaders.cs b/src/Microsoft.AspNetCore.Server.Kestrel/Internal/Http/FrameHeaders.cs
@@ -249,7 +249,7 @@ public static unsafe void ValidateHeaderCharacters(string headerCharacters)
                             {
                                 ThrowInvalidHeaderCharacter(pHeader + offset, Vector<byte>.Count);
                             }
-                        } while (offset + Vector<byte>.Count <= length);
+                        } while (offset <= length - Vector<byte>.Count);
                     }
 
                     // Non-vector testing:
@@ -258,7 +258,7 @@ public static unsafe void ValidateHeaderCharacters(string headerCharacters)
                     // Flag > 0x007f => All but highest bit picked up by 0x7f flagging, highest bit picked up by < 0x20 flagging
                     // Bitwise | or the above three together
                     // Bitwise & and each char with 0xff80; result should be 0 if all tests pass
-                    if (offset + sizeof(ulong) <= length)
+                    if (offset <= length - sizeof(ulong))
                     {
                         do
                         {
@@ -268,9 +268,9 @@ public static unsafe void ValidateHeaderCharacters(string headerCharacters)
                             {
                                 ThrowInvalidHeaderCharacter(pHeader + offset, sizeof(ulong));
                             }
-                        } while (offset + sizeof(ulong) <= length);
+                        } while (offset <= length - sizeof(ulong));
                     }
-                    if (offset + sizeof(uint) <= length)
+                    if (offset <= length - sizeof(uint))
                     {
                         var stringUint = (uint*)(pHeader + offset);
                         offset += sizeof(uint);
@@ -279,7 +279,7 @@ public static unsafe void ValidateHeaderCharacters(string headerCharacters)
                             ThrowInvalidHeaderCharacter(pHeader + offset, sizeof(uint));
                         }
                     }
-                    if (offset + sizeof(ushort) <= length)
+                    if (offset <= length - sizeof(ushort))
                     {
                         var stringUshort = (ushort*)(pHeader + offset);
                         offset += sizeof(ushort);

Original file line number	Diff line number	Diff line change
`@@ -249,7 +249,7 @@ public static unsafe void ValidateHeaderCharacters(string headerCharacters)`
`249`	`249`	`{`
`250`	`250`	`ThrowInvalidHeaderCharacter(pHeader + offset, Vector<byte>.Count);`
`251`	`251`	`}`
`252`		`- } while (offset + Vector<byte>.Count <= length);`
	`252`	`+ } while (offset <= length - Vector<byte>.Count);`
`253`	`253`	`}`
`254`	`254`
`255`	`255`	`// Non-vector testing:`
`@@ -258,7 +258,7 @@ public static unsafe void ValidateHeaderCharacters(string headerCharacters)`
`258`	`258`	`// Flag > 0x007f => All but highest bit picked up by 0x7f flagging, highest bit picked up by < 0x20 flagging`
`259`	`259`	`// Bitwise \| or the above three together`
`260`	`260`	`// Bitwise & and each char with 0xff80; result should be 0 if all tests pass`
`261`		`- if (offset + sizeof(ulong) <= length)`
	`261`	`+ if (offset <= length - sizeof(ulong))`
`262`	`262`	`{`
`263`	`263`	`do`
`264`	`264`	`{`
`@@ -268,9 +268,9 @@ public static unsafe void ValidateHeaderCharacters(string headerCharacters)`
`268`	`268`	`{`
`269`	`269`	`ThrowInvalidHeaderCharacter(pHeader + offset, sizeof(ulong));`
`270`	`270`	`}`
`271`		`- } while (offset + sizeof(ulong) <= length);`
	`271`	`+ } while (offset <= length - sizeof(ulong));`
`272`	`272`	`}`
`273`		`- if (offset + sizeof(uint) <= length)`
	`273`	`+ if (offset <= length - sizeof(uint))`
`274`	`274`	`{`
`275`	`275`	`var stringUint = (uint*)(pHeader + offset);`
`276`	`276`	`offset += sizeof(uint);`
`@@ -279,7 +279,7 @@ public static unsafe void ValidateHeaderCharacters(string headerCharacters)`
`279`	`279`	`ThrowInvalidHeaderCharacter(pHeader + offset, sizeof(uint));`
`280`	`280`	`}`
`281`	`281`	`}`
`282`		`- if (offset + sizeof(ushort) <= length)`
	`282`	`+ if (offset <= length - sizeof(ushort))`
`283`	`283`	`{`
`284`	`284`	`var stringUshort = (ushort*)(pHeader + offset);`
`285`	`285`	`offset += sizeof(ushort);`