From d4531aa2b51df182de8cc65befa33ad8219719a9 Mon Sep 17 00:00:00 2001
From: Roman Tsisyk <roman@tsisyk.com>
Date: Fri, 23 Jun 2017 13:19:09 +0300
Subject: [PATCH] Fix possible integer overflow in mp_check()

Malformed MessagePack can cause `int k` counter overflow
inside mp_check()/mp_next().

See https://github.com/tarantool/nginx_upstream_module/issues/79
See https://github.com/rtsisyk/msgpuck/issues/16
Closes #2540
---
 src/lib/msgpuck          |  2 +-
 test/unit/msgpack.result | 10 +++++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/lib/msgpuck b/src/lib/msgpuck
index 2598bce249..40e24ccf3e 160000
--- a/src/lib/msgpuck
+++ b/src/lib/msgpuck
@@ -1 +1 @@
-Subproject commit 2598bce249077ca49ba311247e03b2a10558bbbb
+Subproject commit 40e24ccf3ec191e6f576da967a64630ca2160bfc
diff --git a/test/unit/msgpack.result b/test/unit/msgpack.result
index 4a5eba39d9..12e8f8626f 100644
--- a/test/unit/msgpack.result
+++ b/test/unit/msgpack.result
@@ -1,4 +1,4 @@
-1..19
+1..20
     1..135
     # *** test_uints ***
     # uint 0U
@@ -1816,3 +1816,11 @@ ok 18 - subtests
     ok 96 - mp_read_double(mp_encode_strl(100)) check pos unchanged
     # *** test_numbers: done ***
 ok 19 - subtests
+    1..4
+    # *** test_overflow ***
+    ok 1 - mp_check array overflow
+    ok 2 - mp_check map overflow
+    ok 3 - mp_check str overflow
+    ok 4 - mp_check bin overflow
+    # *** test_overflow: done ***
+ok 20 - subtests
-- 
GitLab