
core: protect for unsigned int value overflow on string convert

Daniel-Constantin Mierla authored on 29/11/2021 10:24:51
Showing 1 changed files
... ...
@@ -628,7 +628,7 @@ static inline void strlower(str* _s)
628 628
 }
629 629
 
630 630
 
631
-#define str2unval(_s, _r) do { \
631
+#define str2unval(_s, _r, _vmax) do { \
632 632
 		int i; \
633 633
 		if (_r == NULL) return -1; \
634 634
 		*_r = 0; \
... ...
@@ -637,7 +637,13 @@ static inline void strlower(str* _s)
637 637
 		if (_s->s == NULL) return -1; \
638 638
 		for(i = 0; i < _s->len; i++) { \
639 639
 			if ((_s->s[i] >= '0') && (_s->s[i] <= '9')) { \
640
+				if(*_r > _vmax/10) { \
641
+					return -1; \
642
+				} \
640 643
 				*_r *= 10; \
644
+				if(*_r > _vmax - (_s->s[i] - '0')) { \
645
+					return -1; \
646
+				} \
641 647
 				*_r += _s->s[i] - '0'; \
642 648
 			} else { \
643 649
 				return -1; \
... ...
@@ -651,7 +657,7 @@ static inline void strlower(str* _s)
651 657
  */
652 658
 static inline int str2ulong(str* _s, unsigned long* _r)
653 659
 {
654
-	str2unval(_s, _r);
660
+	str2unval(_s, _r, ULONG_MAX);
655 661
 }
656 662
 
657 663
 /*
... ...
@@ -659,7 +665,7 @@ static inline int str2ulong(str* _s, unsigned long* _r)
659 665
  */
660 666
 static inline int str2int(str* _s, unsigned int* _r)
661 667
 {
662
-	str2unval(_s, _r);
668
+	str2unval(_s, _r, UINT_MAX);
663 669
 }
664 670
 
665 671
 #define str2snval(_s, _r, _vmin, _vmax) do { \
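Review bot: When either new bound check in the digit loop of `str2unval` fires, the macro returns -1 while `*_r` still holds a partial value (already multiplied by 10 if the second check is the one that trips). A caller of `str2int()` or `str2ulong()` that does not test the return code would then continue with a plausible but wrong number. Clearing the output on both rejection paths makes the failure unambiguous: `*_r = 0; return -1; \`. Separately, `_vmax` is expanded unparenthesized in `_vmax/10` and `_vmax - (_s->s[i] - '0')`; writing `(_vmax)` keeps the comparison correct if the macro is ever invoked with an expression instead of a constant. The macro body starts and ends outside the visible hunks, so whether its remaining lines touch `*_r` again could not be checked here.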