1 |
From a05e11ff3a663c06e0a30dfa86aa7ed4544a6008 Mon Sep 17 00:00:00 2001 |
2 |
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com> |
3 |
Date: Fri, 11 Apr 2014 13:41:13 +0200 |
4 |
Subject: [PATCH] Do not rely on wrapping signed integer while parseing |
5 |
{min,max} |
6 |
MIME-Version: 1.0 |
7 |
Content-Type: text/plain; charset=UTF-8 |
8 |
Content-Transfer-Encoding: 8bit |
9 |
|
10 |
Signed integer overflow is not defined in C language. GCC 4.9 bails |
11 |
out here. |
12 |
|
13 |
Signed-off-by: Petr Písař <ppisar@redhat.com> |
14 |
--- |
15 |
pcre_compile.c | 24 ++++++++++++++++-------- |
16 |
1 file changed, 16 insertions(+), 8 deletions(-) |
17 |
|
18 |
diff --git a/pcre_compile.c b/pcre_compile.c |
19 |
index 8a5b723..ce65058 100644 |
20 |
--- a/pcre_compile.c |
21 |
+++ b/pcre_compile.c |
22 |
@@ -1586,11 +1586,15 @@ int max = -1; |
23 |
/* Read the minimum value and do a paranoid check: a negative value indicates |
24 |
an integer overflow. */ |
25 |
|
26 |
-while (IS_DIGIT(*p)) min = min * 10 + (int)(*p++ - CHAR_0); |
27 |
-if (min < 0 || min > 65535) |
28 |
+while (IS_DIGIT(*p)) |
29 |
{ |
30 |
- *errorcodeptr = ERR5; |
31 |
- return p; |
32 |
+ min = min * 10 + (int)(*p++ - CHAR_0); |
33 |
+ if (min > 65535) |
34 |
+ { |
35 |
+ *errorcodeptr = ERR5; |
36 |
+ while (*p != CHAR_RIGHT_CURLY_BRACKET) p++; |
37 |
+ return p; |
38 |
+ } |
39 |
} |
40 |
|
41 |
/* Read the maximum value if there is one, and again do a paranoid on its size. |
42 |
@@ -1601,11 +1605,15 @@ if (*p == CHAR_RIGHT_CURLY_BRACKET) max = min; else |
43 |
if (*(++p) != CHAR_RIGHT_CURLY_BRACKET) |
44 |
{ |
45 |
max = 0; |
46 |
- while(IS_DIGIT(*p)) max = max * 10 + (int)(*p++ - CHAR_0); |
47 |
- if (max < 0 || max > 65535) |
48 |
+ while(IS_DIGIT(*p)) |
49 |
{ |
50 |
- *errorcodeptr = ERR5; |
51 |
- return p; |
52 |
+ max = max * 10 + (int)(*p++ - CHAR_0); |
53 |
+ if (max > 65535) |
54 |
+ { |
55 |
+ *errorcodeptr = ERR5; |
56 |
+ while (*p != CHAR_RIGHT_CURLY_BRACKET) p++; |
57 |
+ return p; |
58 |
+ } |
59 |
} |
60 |
if (max < min) |
61 |
{ |
62 |
-- |
63 |
1.9.0 |
64 |
|