diff options
| author | Colin Watson <cjwatson@debian.org> | 2017-10-04 11:23:58 +0100 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2017-10-04 11:23:58 +0100 |
| commit | 62f54f20bf351468e0124f63cc2902ee40d9b0e9 (patch) | |
| tree | 3e090f2711b94ca5029d3fa3e8047b1ed1448b1f /openbsd-compat/fmt_scaled.c | |
| parent | 6fabaf6fd9b07cc8bc6a17c9c4a5b76849cfc874 (diff) | |
| parent | 66bf74a92131b7effe49fb0eefe5225151869dc5 (diff) | |
Import openssh_7.6p1.orig.tar.gz
Diffstat (limited to 'openbsd-compat/fmt_scaled.c')
| -rw-r--r-- | openbsd-compat/fmt_scaled.c | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/openbsd-compat/fmt_scaled.c b/openbsd-compat/fmt_scaled.c index e5533b2de..7c5193e26 100644 --- a/openbsd-compat/fmt_scaled.c +++ b/openbsd-compat/fmt_scaled.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: fmt_scaled.c,v 1.13 2017/03/11 23:37:23 djm Exp $ */ | 1 | /* $OpenBSD: fmt_scaled.c,v 1.16 2017/03/16 02:40:46 dtucker Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2001, 2002, 2003 Ian F. Darwin. All rights reserved. | 4 | * Copyright (c) 2001, 2002, 2003 Ian F. Darwin. All rights reserved. |
| @@ -125,22 +125,30 @@ scan_scaled(char *scaled, long long *result) | |||
| 125 | /* ignore extra fractional digits */ | 125 | /* ignore extra fractional digits */ |
| 126 | continue; | 126 | continue; |
| 127 | fract_digits++; /* for later scaling */ | 127 | fract_digits++; /* for later scaling */ |
| 128 | if (fpart >= LLONG_MAX / 10) { | 128 | if (fpart > LLONG_MAX / 10) { |
| 129 | errno = ERANGE; | 129 | errno = ERANGE; |
| 130 | return -1; | 130 | return -1; |
| 131 | } | 131 | } |
| 132 | fpart *= 10; | 132 | fpart *= 10; |
| 133 | if (i > LLONG_MAX - fpart) { | ||
| 134 | errno = ERANGE; | ||
| 135 | return -1; | ||
| 136 | } | ||
| 133 | fpart += i; | 137 | fpart += i; |
| 134 | } else { /* normal digit */ | 138 | } else { /* normal digit */ |
| 135 | if (++ndigits >= MAX_DIGITS) { | 139 | if (++ndigits >= MAX_DIGITS) { |
| 136 | errno = ERANGE; | 140 | errno = ERANGE; |
| 137 | return -1; | 141 | return -1; |
| 138 | } | 142 | } |
| 139 | if (whole >= LLONG_MAX / 10) { | 143 | if (whole > LLONG_MAX / 10) { |
| 140 | errno = ERANGE; | 144 | errno = ERANGE; |
| 141 | return -1; | 145 | return -1; |
| 142 | } | 146 | } |
| 143 | whole *= 10; | 147 | whole *= 10; |
| 148 | if (i > LLONG_MAX - whole) { | ||
| 149 | errno = ERANGE; | ||
| 150 | return -1; | ||
| 151 | } | ||
| 144 | whole += i; | 152 | whole += i; |
| 145 | } | 153 | } |
| 146 | } | 154 | } |
| @@ -170,7 +178,9 @@ scan_scaled(char *scaled, long long *result) | |||
| 170 | } | 178 | } |
| 171 | scale_fact = scale_factors[i]; | 179 | scale_fact = scale_factors[i]; |
| 172 | 180 | ||
| 173 | if (whole >= LLONG_MAX / scale_fact) { | 181 | /* check for overflow and underflow after scaling */ |
| 182 | if (whole > LLONG_MAX / scale_fact || | ||
| 183 | whole < LLONG_MIN / scale_fact) { | ||
| 174 | errno = ERANGE; | 184 | errno = ERANGE; |
| 175 | return -1; | 185 | return -1; |
| 176 | } | 186 | } |