From 7d2bc04e391f9216fb4e0464cb43c9c438f7e034 Mon Sep 17 00:00:00 2001
From: Oisin Canty <o.canty@f5.com>
Date: Fri, 2 Jul 2021 10:55:13 +0000
Subject: [PATCH] Fixing crash during IPv6 text address generation.

When the textual representation of an IPv6 nxt_sockaddr_t was being
generated, a crash would occur if the address had a full IPv6 form:

f607:7403:1e4b:6c66:33b2:843f:2517:da27

This was caused by a variable that tracks the location of a
collapsed group ("::") that was not set to a sane default.  When
the address was generated, a group would be inserted when
it was not necessary, thus causing an overflow.

This closes #481 issue on GitHub.
---
 docs/changes.xml   | 7 +++++++
 src/nxt_sockaddr.c | 4 ++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/docs/changes.xml b/docs/changes.xml
index 2af2fc90..1d77aea7 100644
--- a/docs/changes.xml
+++ b/docs/changes.xml
@@ -45,6 +45,13 @@ process stopped or crashed.
 </para>
 </change>
 
+<change type="bugfix">
+<para>
+the controller or router process could crash if the configuration contained
+a full-form IPv6 in a listener address.
+</para>
+</change>
+
 </changes>
 
 
diff --git a/src/nxt_sockaddr.c b/src/nxt_sockaddr.c
index af696a6b..47ee165f 100644
--- a/src/nxt_sockaddr.c
+++ b/src/nxt_sockaddr.c
@@ -525,9 +525,9 @@ nxt_inet6_ntop(u_char *addr, u_char *buf, u_char *end)
         return buf;
     }
 
-    zero_start = 8;
+    zero_start = 16;
     zero_groups = 0;
-    last_zero_start = 8;
+    last_zero_start = 16;
     last_zero_groups = 0;
 
     for (i = 0; i < 16; i += 2) {