Parenthesized ASCII-related calculations.

This also fixes potential undefined behaviour in the range and slice filter
modules, caused by local overflows of signed integers in expressions.

4 files changed, 16 insertions, 16 deletions

diff --git a/src/http/modules/ngx_http_range_filter_module.c b/src/http/modules/ngx_http_range_filter_module.c
index 292a2b863..6256b13ad 100644
--- a/src/http/modules/ngx_http_range_filter_module.c
+++ b/src/http/modules/ngx_http_range_filter_module.c
@@ -315,7 +315,7 @@ ngx_http_range_parse(ngx_http_request_t *r, ngx_http_range_filter_ctx_t *ctx,
                     return NGX_HTTP_RANGE_NOT_SATISFIABLE;
                 }
 
-                start = start * 10 + *p++ - '0';
+                start = start * 10 + (*p++ - '0');
             }
 
             while (*p == ' ') { p++; }
@@ -345,7 +345,7 @@ ngx_http_range_parse(ngx_http_request_t *r, ngx_http_range_filter_ctx_t *ctx,
                 return NGX_HTTP_RANGE_NOT_SATISFIABLE;
             }
 
-            end = end * 10 + *p++ - '0';
+            end = end * 10 + (*p++ - '0');
         }
 
         while (*p == ' ') { p++; }
diff --git a/src/http/modules/ngx_http_slice_filter_module.c b/src/http/modules/ngx_http_slice_filter_module.c
index 77583429f..7b9de2713 100644
--- a/src/http/modules/ngx_http_slice_filter_module.c
+++ b/src/http/modules/ngx_http_slice_filter_module.c
@@ -317,7 +317,7 @@ ngx_http_slice_parse_content_range(ngx_http_request_t *r,
             return NGX_ERROR;
         }
 
-        start = start * 10 + *p++ - '0';
+        start = start * 10 + (*p++ - '0');
     }
 
     while (*p == ' ') { p++; }
@@ -337,7 +337,7 @@ ngx_http_slice_parse_content_range(ngx_http_request_t *r,
             return NGX_ERROR;
         }
 
-        end = end * 10 + *p++ - '0';
+        end = end * 10 + (*p++ - '0');
     }
 
     end++;
@@ -362,7 +362,7 @@ ngx_http_slice_parse_content_range(ngx_http_request_t *r,
                 return NGX_ERROR;
             }
 
-            complete_length = complete_length * 10 + *p++ - '0';
+            complete_length = complete_length * 10 + (*p++ - '0');
         }
 
     } else {
@@ -479,7 +479,7 @@ ngx_http_slice_get_start(ngx_http_request_t *r)
             return 0;
         }
 
-        start = start * 10 + *p++ - '0';
+        start = start * 10 + (*p++ - '0');
     }
 
     return start;
diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c
index e8e51563f..844054c9d 100644
--- a/src/http/ngx_http_parse.c
+++ b/src/http/ngx_http_parse.c
@@ -742,7 +742,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
                 return NGX_HTTP_PARSE_INVALID_REQUEST;
             }
 
-            r->http_major = r->http_major * 10 + ch - '0';
+            r->http_major = r->http_major * 10 + (ch - '0');
 
             if (r->http_major > 1) {
                 return NGX_HTTP_PARSE_INVALID_VERSION;
@@ -784,7 +784,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
                 return NGX_HTTP_PARSE_INVALID_REQUEST;
             }
 
-            r->http_minor = r->http_minor * 10 + ch - '0';
+            r->http_minor = r->http_minor * 10 + (ch - '0');
             break;
 
         case sw_spaces_after_digit:
@@ -1518,7 +1518,7 @@ ngx_http_parse_complex_uri(ngx_http_request_t *r, ngx_uint_t merge_slashes)
 
         case sw_quoted_second:
             if (ch >= '0' && ch <= '9') {
-                ch = (u_char) ((decoded << 4) + ch - '0');
+                ch = (u_char) ((decoded << 4) + (ch - '0'));
 
                 if (ch == '%' || ch == '#') {
                     state = sw_usual;
@@ -1536,7 +1536,7 @@ ngx_http_parse_complex_uri(ngx_http_request_t *r, ngx_uint_t merge_slashes)
 
             c = (u_char) (ch | 0x20);
             if (c >= 'a' && c <= 'f') {
-                ch = (u_char) ((decoded << 4) + c - 'a' + 10);
+                ch = (u_char) ((decoded << 4) + (c - 'a') + 10);
 
                 if (ch == '?') {
                     state = sw_usual;
@@ -1701,7 +1701,7 @@ ngx_http_parse_status_line(ngx_http_request_t *r, ngx_buf_t *b,
                 return NGX_ERROR;
             }
 
-            r->http_major = r->http_major * 10 + ch - '0';
+            r->http_major = r->http_major * 10 + (ch - '0');
             break;
 
         /* the first digit of minor HTTP version */
@@ -1729,7 +1729,7 @@ ngx_http_parse_status_line(ngx_http_request_t *r, ngx_buf_t *b,
                 return NGX_ERROR;
             }
 
-            r->http_minor = r->http_minor * 10 + ch - '0';
+            r->http_minor = r->http_minor * 10 + (ch - '0');
             break;
 
         /* HTTP status code */
@@ -1742,7 +1742,7 @@ ngx_http_parse_status_line(ngx_http_request_t *r, ngx_buf_t *b,
                 return NGX_ERROR;
             }
 
-            status->code = status->code * 10 + ch - '0';
+            status->code = status->code * 10 + (ch - '0');
 
             if (++status->count == 3) {
                 state = sw_space_after_status;
diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c
index c394b2914..cca417d96 100644
--- a/src/http/ngx_http_upstream.c
+++ b/src/http/ngx_http_upstream.c
@@ -4503,7 +4503,7 @@ ngx_http_upstream_process_cache_control(ngx_http_request_t *r,
             }
 
             if (*p >= '0' && *p <= '9') {
-                n = n * 10 + *p - '0';
+                n = n * 10 + (*p - '0');
                 continue;
             }
 
@@ -4531,7 +4531,7 @@ ngx_http_upstream_process_cache_control(ngx_http_request_t *r,
             }
 
             if (*p >= '0' && *p <= '9') {
-                n = n * 10 + *p - '0';
+                n = n * 10 + (*p - '0');
                 continue;
             }
 
@@ -4554,7 +4554,7 @@ ngx_http_upstream_process_cache_control(ngx_http_request_t *r,
             }
 
             if (*p >= '0' && *p <= '9') {
-                n = n * 10 + *p - '0';
+                n = n * 10 + (*p - '0');
                 continue;
             }