[Libvir] detect overflow in string-to-int conversion

Hi, Not a big deal, but it's better not to accept a bogus "4294967297" and silently map it to "1". Don't accept an arbitrarily-long string of digits. * src/xml.c (parseNumber): Detect overflow. diff --git a/src/xml.c b/src/xml.c index 3e92040..5011dc2 100644 --- a/src/xml.c +++ b/src/xml.c @@ -1,7 +1,7 @@ /* * xml.c: XML based interfaces for the libvir library * - * Copyright (C) 2005 Red Hat, Inc. + * Copyright (C) 2005, 2007 Red Hat, Inc. * * See COPYING.LIB for the License of this software * @@ -77,7 +77,7 @@ skipSpaces(const char **str) { * * Parse a number * - * Returns the CPU number or -1 in case of error. @str will be + * Returns the unsigned number or -1 in case of error. @str will be * updated to skip the number. */ static int @@ -89,8 +89,11 @@ parseNumber(const char **str) { return(-1); while ((*cur >= '0') && (*cur <= '9')) { - ret = ret * 10 + (*cur - '0'); - cur++; + unsigned int c = *cur - '0'; + if (ret > INT_MAX / 10 || (ret == INT_MAX / 10 && c > INT_MAX % 10)) + return(-1); + ret = ret * 10 + c; + cur++; } *str = cur; return(ret);
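Review bot: in the parseNumber comment hunk, "@str will be updated to skip the number" no longer holds on every path, because the new overflow branch does return(-1) before the "*str = cur;" assignment and so leaves @str where it started. Suggest saying that -1 also covers overflow and that @str is not advanced in that case. "Returns the unsigned number" also sits oddly above a function declared "static int"; "non-negative number" would match the return type.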
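Review bot: in the parseNumber loop hunk, the new test "ret > INT_MAX / 10 || (ret == INT_MAX / 10 && c > INT_MAX % 10)" compares c, declared unsigned int, against int expressions, and "ret * 10 + c" is then evaluated as unsigned before being stored back. Declaring c as int would keep the whole check in one signedness, and parenthesizing each comparison would make the || and && grouping explicit. The visible hunks add no #include <limits.h> for INT_MAX, so confirm that src/xml.c already includes it.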

On Wed, Oct 24, 2007 at 03:52:22PM +0200, Jim Meyering wrote:
> Hi,
> Not a big deal, but it's better not to accept a bogus "4294967297" and silently map it to "1".
>
> Don't accept an arbitrarily-long string of digits.
> * src/xml.c (parseNumber): Detect overflow.

Right, thanks! I just fully reparenthesized the test before applying.
I also reindented the full module since there were some misleading
indentations. It's committed, thanks a lot!

Daniel

-- 
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard | virtualization library http://libvirt.org/
veillard@redhat.com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/
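
The wrap described in this thread ("4294967297" read as "1") next to the bounds check the patch introduces, as an added example that is not code from the thread or from libvirt. The function names are hypothetical, a 32-bit int is assumed, and the pre-patch accumulation is modelled with uint32_t so that the wrap is well defined in C.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Pre-patch accumulation only, modelled with uint32_t: unsigned arithmetic
 * wraps modulo 2^32, whereas overflowing a signed int is undefined. */
static int parse_unchecked(const char **str)
{
    const char *cur = *str;
    uint32_t ret = 0;

    while (*cur >= '0' && *cur <= '9')
        ret = ret * 10 + (uint32_t)(*cur++ - '0');
    *str = cur;
    return (int)(ret & INT_MAX);   /* mask keeps the conversion to int defined */
}

/* Same loop with the patch's test: refuse the digit that would push the
 * value past INT_MAX. On failure *str is left where it started. */
static int parse_checked(const char **str)
{
    const char *cur = *str;
    int ret = 0;

    if (*cur < '0' || *cur > '9')
        return -1;
    while (*cur >= '0' && *cur <= '9') {
        int c = *cur - '0';
        if ((ret > INT_MAX / 10) ||
            ((ret == INT_MAX / 10) && (c > INT_MAX % 10)))
            return -1;
        ret = ret * 10 + c;
        cur++;
    }
    *str = cur;
    return ret;
}

/* Convenience wrappers for callers that do not need the updated pointer. */
static int unchecked(const char *s) { return parse_unchecked(&s); }
static int checked(const char *s) { return parse_checked(&s); }

int main(void)
{
    /* Constructed inputs: a small value, INT_MAX, INT_MAX + 1, 2^32 + 1. */
    const char *samples[] = { "1", "2147483647", "2147483648", "4294967297" };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-11s unchecked=%-10d checked=%d\n", samples[i],
               unchecked(samples[i]), checked(samples[i]));
    return 0;
}
```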