diff options
| author | Telukula Jeevan Kumar Sahu <j-sahu@ti.com> | 2026-03-02 20:16:34 +0530 |
|---|---|---|
| committer | Khem Raj <raj.khem@gmail.com> | 2026-03-02 19:26:02 -0800 |
| commit | bb5f304e15ae959d91a34ee236b2e4cd93e02031 (patch) | |
| tree | 58cffb175c876ac2232660ffca7643416e4b9b06 /meta-python/recipes-devtools/python/python3-click-spinner | |
| parent | c3e16d369d6ec0b954a4d0c13eaeff54e61412b8 (diff) | |
| download | meta-openembedded-bb5f304e15ae959d91a34ee236b2e4cd93e02031.tar.gz | |
nodejs: fix NEON llhttp ctzll undefined behavior
The NEON SIMD fast path in the bundled llhttp calls
__builtin_ctzll(match_mask) without checking if match_mask is zero.
When all 16 bytes in a NEON register are valid header value characters,
match_mask is 0. Calling __builtin_ctzll(0) is undefined behavior.
GCC at -O2 exploits this by optimizing "if (match_len != 16)" to
always-true, causing HTTP 400 Bad Request for any header value longer
than 16 characters on ARM targets with NEON enabled.
Fix by explicitly checking for match_mask == 0 and setting
match_len = 16. This bug affects both aarch64 and armv7 NEON targets.
The code this patch modifies is generated, so the patch itself isn't
suitable for upstream submission, as the root cause of the error is
in the generator itself. The fix has been merged upstream[1] in
llparse 7.3.1 and is included in llhttp 9.3.1. This patch can be
dropped when nodejs updates its bundled llhttp to >= 9.3.1.
[1]: https://github.com/nodejs/llparse/pull/83
Signed-off-by: Telukula Jeevan Kumar Sahu <j-sahu@ti.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-python/recipes-devtools/python/python3-click-spinner')
0 files changed, 0 insertions, 0 deletions