bin/140185: [patch] expand_number() does not detect overflow in numeric part
Mikko Tyolajarvi
mikko.tyolajarvi at gmail.com
Mon Nov 2 00:30:02 UTC 2009
>Number: 140185
>Category: bin
>Synopsis: [patch] expand_number() does not detect overflow in numeric part
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Nov 02 00:30:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Mikko Tyolajarvi
>Release: 7.2-STABLE
>Organization:
>Environment:
FreeBSD antec.home 7.2-STABLE FreeBSD 7.2-STABLE #1: Fri Sep 4 19:36:49 PDT 2009 mikko at antec.home:/usr/obj/usr/src/sys/GENERIC i386
>Description:
The expand_number() function will silently truncate the numeric part
to the size of an intmax_t and if there is no suffix, no error is returned.
Overflow in strings that include a suffix is detected (e.g. "8E").
The patch is against -CURRENT.
>How-To-Repeat:
Compile and run this program with no arguments. It should print "ok".
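#include <sys/types.h>
#include <errno.h>
#include <stdio.h>
#include <libutil.h>
#include <inttypes.h>

int
main(int argc, const char *argv[])
{
	int64_t num = 0;
	const char *s;
	int rc;

	/* Default input is one past INT64_MAX, so it cannot fit in num. */
	s = (argc > 1) ? argv[1] : "9223372036854775808"; /* 2^63 */
	rc = expand_number(s, &num);
	/* A correct expand_number() fails with ERANGE for this input. */
	if (rc < 0 && errno == ERANGE) {
		printf("ok\n");
		return 0;
	}
	/* PRId64 matches int64_t on every platform, unlike %lld. */
	printf("nope. rc = %d, num = %" PRId64 "\n", rc, num);
	return 1;
}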
>Fix:
Check return value and errno from strtoimax(). Patch attached.
Patch attached with submission follows:
--- expand_number.c.orig 2009-11-01 16:10:42.000000000 -0800
+++ expand_number.c 2009-11-01 16:12:54.000000000 -0800
@@ -52,10 +52,17 @@
static const char unit[] = "bkmgtpe";
char *endptr, s;
int64_t number;
- int i;
+ int i, oerrno;
+ oerrno = errno;
+ errno = 0;
number = strtoimax(buf, &endptr, 0);
+ if ((number == INTMAX_MIN || number == INTMAX_MAX) && errno == ERANGE)
+ return (-1);
+
+ errno = oerrno;
+
if (endptr == buf) {
/* No valid digits. */
errno = EINVAL;
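Review bot: in the added overflow test after strtoimax(), number is still declared int64_t while the comparison is against INTMAX_MIN and INTMAX_MAX, so the check is only right as long as intmax_t and int64_t have the same width. Since errno is zeroed just before the call, testing errno == ERANGE alone is sufficient; alternatively hold the result in an intmax_t and range-check it against INT64_MIN and INT64_MAX before assigning it. The early return (-1) leaves errno as ERANGE rather than restoring oerrno, which is what callers need, and a short comment saying so would help the next reader.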
>Release-Note:
>Audit-Trail:
>Unformatted:
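The check the report asks for, carried through to the suffix scaling as well, as an added example that is not part of the original report or of libutil. parse_size() is a hypothetical stand-alone helper; rejecting trailing text after the unit is an assumption made here.

```c
#include <ctype.h>
#include <errno.h>
#include <inttypes.h>
#include <string.h>

/* parse_size(): hypothetical helper for this example, not libutil code. */
static int
parse_size(const char *buf, int64_t *num)
{
	static const char unit[] = "bkmgtpe";
	const char *u = unit;		/* no suffix: multiplier 1 */
	char *endptr;
	intmax_t number;
	int64_t mult;
	int saved = errno;

	errno = 0;
	number = strtoimax(buf, &endptr, 0);
	/* strtoimax() clamps and sets ERANGE; also guard a wider intmax_t. */
	if (errno == ERANGE || number > INT64_MAX || number < INT64_MIN) {
		errno = ERANGE;
		return (-1);
	}
	errno = saved;			/* success path must not clobber errno */
	if (endptr == buf)
		goto invalid;		/* no digits */
	if (*endptr != '\0') {
		u = strchr(unit, tolower((unsigned char)*endptr));
		if (u == NULL || endptr[1] != '\0')
			goto invalid;	/* unknown unit or trailing text */
	}
	mult = (int64_t)1 << (10 * (u - unit));
	if (number > INT64_MAX / mult || number < INT64_MIN / mult) {
		errno = ERANGE;		/* scaled value overflows, e.g. "8E" */
		return (-1);
	}
	*num = (int64_t)number * mult;
	return (0);
invalid:
	errno = EINVAL;
	return (-1);
}

int
main(void)
{
	int64_t v = 0;	/* "9223372036854775808" is 2^63, a constructed input */
	return (parse_size("9223372036854775808", &v) == -1 && errno == ERANGE ? 0 : 1);
}
```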