From 88dee3c6b599df1dc3b97252bd10a13e445bb59d Mon Sep 17 00:00:00 2001 From: Michael Dawson Date: Thu, 10 Mar 2022 03:53:05 -0500 Subject: [PATCH] http2: fix potential integer overflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix report from coverity on potential integer overflow in http2. Signed-off-by: Michael Dawson PR-URL: https://github.com/nodejs/node/pull/42248 Reviewed-By: Matteo Collina Reviewed-By: Mohammed Keyvanzadeh Reviewed-By: Tobias Nießen --- src/node_http2.cc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/node_http2.cc b/src/node_http2.cc index c498d9ce12265d..cf1aa81d32c3ae 100644 --- a/src/node_http2.cc +++ b/src/node_http2.cc @@ -197,7 +197,8 @@ Http2Options::Http2Options(Http2State* http2_state, SessionType type) { // Important: The maxSessionMemory option in javascript is expressed in // terms of MB increments (i.e. the value 1 == 1 MB) if (flags & (1 << IDX_OPTIONS_MAX_SESSION_MEMORY)) - set_max_session_memory(buffer[IDX_OPTIONS_MAX_SESSION_MEMORY] * 1000000); + set_max_session_memory(buffer[IDX_OPTIONS_MAX_SESSION_MEMORY] * + static_cast(1000000)); if (flags & (1 << IDX_OPTIONS_MAX_SETTINGS)) { nghttp2_option_set_max_settings(