HTTP/2: fixed possible buffer overrun (ticket #893). Due to greater priority of the unary plus operator over the ternary operator the expression didn't work as expected. That might result in one byte less allocation than needed for the HEADERS frame buffer.

commit: 3035e9339be31e6aa97fb3e86196c6b40d52904f [log] [tgz]
author: Valentin Bartenev <vbart@nginx.com> Thu Feb 04 18:01:04 2016 +0300
committer: Valentin Bartenev <vbart@nginx.com> Thu Feb 04 18:01:04 2016 +0300
tree: ea75d2250ed73a6d1eadd4b27cb36fca95a90cf8
parent: c6ad9ada8869f0b5b0a187f64ada0e848e95c0fe [diff]
diff --git a/src/http/v2/ngx_http_v2_filter_module.c b/src/http/v2/ngx_http_v2_filter_module.c
index ed30fe5..ea58979 100644
--- a/src/http/v2/ngx_http_v2_filter_module.c
+++ b/src/http/v2/ngx_http_v2_filter_module.c

@@ -215,8 +215,8 @@
     clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
 
     if (r->headers_out.server == NULL) {
-        len += 1 + clcf->server_tokens ? ngx_http_v2_literal_size(NGINX_VER)
-                                       : ngx_http_v2_literal_size("nginx");
+        len += 1 + (clcf->server_tokens ? ngx_http_v2_literal_size(NGINX_VER)
+                                        : ngx_http_v2_literal_size("nginx"));
     }
 
     if (r->headers_out.date == NULL) {
commit	3035e9339be31e6aa97fb3e86196c6b40d52904f	[log] [tgz]
author	Valentin Bartenev <vbart@nginx.com>	Thu Feb 04 18:01:04 2016 +0300
committer	Valentin Bartenev <vbart@nginx.com>	Thu Feb 04 18:01:04 2016 +0300
tree	ea75d2250ed73a6d1eadd4b27cb36fca95a90cf8
parent	c6ad9ada8869f0b5b0a187f64ada0e848e95c0fe [diff]