diff options
| author | Darren Tucker <dtucker@cvs.openbsd.org> | 2017-03-15 00:13:19 +0000 |
|---|---|---|
| committer | Darren Tucker <dtucker@cvs.openbsd.org> | 2017-03-15 00:13:19 +0000 |
| commit | 8ecac91bcb2247bd4b1447a937b563dfc40a8778 (patch) | |
| tree | 04b5f61f53d9e9316904c6d5391cd8b053d7db8b /lib/libutil | |
| parent | 63214584f8c63fa1a94714fb70cce6437574f247 (diff) | |
Catch integer underflow in scan_scaled reported by Nicolas Iooss.
ok deraadt@ djm@
Diffstat (limited to 'lib/libutil')
| -rw-r--r-- | lib/libutil/fmt_scaled.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/libutil/fmt_scaled.c b/lib/libutil/fmt_scaled.c index bbeb01fdd0e..76085153752 100644 --- a/lib/libutil/fmt_scaled.c +++ b/lib/libutil/fmt_scaled.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fmt_scaled.c,v 1.13 2017/03/11 23:37:23 djm Exp $ */ +/* $OpenBSD: fmt_scaled.c,v 1.14 2017/03/15 00:13:18 dtucker Exp $ */ /* * Copyright (c) 2001, 2002, 2003 Ian F. Darwin. All rights reserved. @@ -171,6 +171,11 @@ scan_scaled(char *scaled, long long *result) return -1; } + if (whole <= LLONG_MIN / scale_fact) { + errno = ERANGE; + return -1; + } + /* scale whole part */ whole *= scale_fact; |