diff options
author | Tobias Stoeckmann <tobias@cvs.openbsd.org> | 2015-04-02 21:09:52 +0000 |
---|---|---|
committer | Tobias Stoeckmann <tobias@cvs.openbsd.org> | 2015-04-02 21:09:52 +0000 |
commit | 3b3e2458469c3b7a54a16224bfa57e6e0c0d6b73 (patch) | |
tree | 7aeceaabf0f25ad7441c445b2c6363ba968dec7a /usr.bin/sort/sort.c | |
parent | 64ee1cd4a192376e6745215bef44b3ea6d27cd5a (diff) |
Prevent integer overflow when parsing -S argument as percentage.
Also make sure that the parsed memory amount, stored in a long long,
won't be larger than SIZE_MAX to properly support 32 bit systems.
with input by and ok millert@
Diffstat (limited to 'usr.bin/sort/sort.c')
-rw-r--r-- | usr.bin/sort/sort.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/usr.bin/sort/sort.c b/usr.bin/sort/sort.c index a6d07cdbe59..e303eb9fcc3 100644 --- a/usr.bin/sort/sort.c +++ b/usr.bin/sort/sort.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sort.c,v 1.73 2015/04/02 21:04:06 tobias Exp $ */ +/* $OpenBSD: sort.c,v 1.74 2015/04/02 21:09:51 tobias Exp $ */ /*- * Copyright (C) 2009 Gabor Kovesdan <gabor@FreeBSD.org> @@ -41,6 +41,7 @@ #include <regex.h> #include <signal.h> #include <stdbool.h> +#include <stdint.h> #include <stdio.h> #include <stdlib.h> #include <string.h> @@ -368,6 +369,9 @@ parse_memory_buffer_value(const char *value) case 'b': break; case '%': + if (available_free_memory != 0 && + membuf > ULLONG_MAX / available_free_memory) + goto invalid; membuf = (available_free_memory * membuf) / 100; break; @@ -375,6 +379,8 @@ parse_memory_buffer_value(const char *value) warnc(EINVAL, "%s", optarg); membuf = available_free_memory; } + if (membuf > SIZE_MAX) + goto invalid; return membuf; invalid: errx(2, "invalid memory buffer size: %s", value); |