mirror of https://git.tukaani.org/xz.git
Fix string to uint64_t conversion.
Thanks to Denis Excoffier for the bug report.
This commit is contained in:
parent
3e49c8acb0
commit
e1b6935d60
|
@ -56,11 +56,17 @@ str_to_uint64(const char *name, const char *value, uint64_t min, uint64_t max)
|
||||||
|
|
||||||
do {
|
do {
|
||||||
// Don't overflow.
|
// Don't overflow.
|
||||||
if (result > (UINT64_MAX - 9) / 10)
|
if (result > UINT64_MAX / 10)
|
||||||
goto error;
|
goto error;
|
||||||
|
|
||||||
result *= 10;
|
result *= 10;
|
||||||
result += *value - '0';
|
|
||||||
|
// Another overflow check
|
||||||
|
const uint32_t add = *value - '0';
|
||||||
|
if (UINT64_MAX - add < result)
|
||||||
|
goto error;
|
||||||
|
|
||||||
|
result += add;
|
||||||
++value;
|
++value;
|
||||||
} while (*value >= '0' && *value <= '9');
|
} while (*value >= '0' && *value <= '9');
|
||||||
|
|
||||||
|
|
|
@ -153,6 +153,9 @@ memlimit_init(void)
|
||||||
/// \brief Convert a string to uint64_t
|
/// \brief Convert a string to uint64_t
|
||||||
///
|
///
|
||||||
/// This is rudely copied from src/xz/util.c and modified a little. :-(
|
/// This is rudely copied from src/xz/util.c and modified a little. :-(
|
||||||
|
/// Since this function is used only for parsing the memory usage limit,
|
||||||
|
/// this cheats a little and saturates too big values to UINT64_MAX instead
|
||||||
|
/// of giving an error.
|
||||||
///
|
///
|
||||||
/// \param max Return value when the string "max" was specified.
|
/// \param max Return value when the string "max" was specified.
|
||||||
///
|
///
|
||||||
|
@ -173,11 +176,17 @@ str_to_uint64(const char *value, uint64_t max)
|
||||||
|
|
||||||
do {
|
do {
|
||||||
// Don't overflow.
|
// Don't overflow.
|
||||||
if (result > (UINT64_MAX - 9) / 10)
|
if (result > UINT64_MAX / 10)
|
||||||
return UINT64_MAX;
|
return UINT64_MAX;
|
||||||
|
|
||||||
result *= 10;
|
result *= 10;
|
||||||
result += *value - '0';
|
|
||||||
|
// Another overflow check
|
||||||
|
const uint32_t add = *value - '0';
|
||||||
|
if (UINT64_MAX - add < result)
|
||||||
|
return UINT64_MAX;
|
||||||
|
|
||||||
|
result += add;
|
||||||
++value;
|
++value;
|
||||||
} while (*value >= '0' && *value <= '9');
|
} while (*value >= '0' && *value <= '9');
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue