[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Libvir] detect overflow in string-to-int conversion



Hi,

Not a big deal, but it's better not to accept a bogus
"4294967297" and silently map it to "1".

	Don't accept an arbitrarily-long string of digits.
        * src/xml.c (parseNumber): Detect overflow.

diff --git a/src/xml.c b/src/xml.c
index 3e92040..5011dc2 100644
--- a/src/xml.c
+++ b/src/xml.c
@@ -1,7 +1,7 @@
 /*
  * xml.c: XML based interfaces for the libvir library
  *
- * Copyright (C) 2005 Red Hat, Inc.
+ * Copyright (C) 2005, 2007 Red Hat, Inc.
  *
  * See COPYING.LIB for the License of this software
  *
@@ -77,7 +77,7 @@ skipSpaces(const char **str) {
  *
  * Parse a number
  *
- * Returns the CPU number or -1 in case of error. @str will be
+ * Returns the unsigned number or -1 in case of error. @str will be
  *         updated to skip the number.
  */
 static int
@@ -89,8 +89,11 @@ parseNumber(const char **str) {
         return(-1);
 
     while ((*cur >= '0') && (*cur <= '9')) {
-        ret = ret * 10 + (*cur - '0');
-	cur++;
+        unsigned int c = *cur - '0';
+        if (ret > INT_MAX / 10 || (ret == INT_MAX / 10 && c > INT_MAX % 10))
+            return(-1);
+        ret = ret * 10 + c;
+        cur++;
     }
     *str = cur;
     return(ret);


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]