diff options
| author |   dtucker <dtucker@openbsd.org> | 2017-03-16 02:40:46 +0000 |
|---|---|---|
| committer | dtucker <dtucker@openbsd.org> | 2017-03-16 02:40:46 +0000 |
| commit | 131c0d401abb2385b0162c8b90fbd997bf6410ba (patch) | |
| tree | bb5597b121daf5c7996d1a547a614ff1db5387d4 /lib/libutil | |
| parent | Configure and apply the multitouch-tracking functions of wsmouse. (diff) | |
| download | wireguard-openbsd-131c0d401abb2385b0162c8b90fbd997bf6410ba.tar.xz wireguard-openbsd-131c0d401abb2385b0162c8b90fbd997bf6410ba.zip | |
Fix overly-conservative overflow checks on mulitplications and add checks
on additions. This allows scan_scaled to work up to +/-LLONG_MAX (LLONG_MIN
will still be flagged as a range error). ok millert@
Diffstat (limited to 'lib/libutil')
| -rw-r--r-- | lib/libutil/fmt_scaled.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/lib/libutil/fmt_scaled.c b/lib/libutil/fmt_scaled.c index f43b77d5c3b..7a4dee2d04b 100644 --- a/lib/libutil/fmt_scaled.c +++ b/lib/libutil/fmt_scaled.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fmt_scaled.c,v 1.15 2017/03/15 05:25:56 dtucker Exp $ */ +/* $OpenBSD: fmt_scaled.c,v 1.16 2017/03/16 02:40:46 dtucker Exp $ */ /* * Copyright (c) 2001, 2002, 2003 Ian F. Darwin. All rights reserved. @@ -121,22 +121,30 @@ scan_scaled(char *scaled, long long *result) /* ignore extra fractional digits */ continue; fract_digits++; /* for later scaling */ - if (fpart >= LLONG_MAX / 10) { + if (fpart > LLONG_MAX / 10) { errno = ERANGE; return -1; } fpart *= 10; + if (i > LLONG_MAX - fpart) { + errno = ERANGE; + return -1; + } fpart += i; } else { /* normal digit */ if (++ndigits >= MAX_DIGITS) { errno = ERANGE; return -1; } - if (whole >= LLONG_MAX / 10) { + if (whole > LLONG_MAX / 10) { errno = ERANGE; return -1; } whole *= 10; + if (i > LLONG_MAX - whole) { + errno = ERANGE; + return -1; + } whole += i; } } |