Fix dehumanize_number() to correctly detect overflows

Do not allow numbers greater than INT64_MAX or smaller than INT64_MIN.
Clarify the positive sign value by prefixing it with an explicit +.

Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=66909
Guillem Jover
2013-07-15 01:44:30 +02:00
parent 119417462e
commit 61b2dbb8f5
2 changed files with 23 additions and 4 deletions


@@ -1,5 +1,5 @@
/*
* Copyright © 2012 Guillem Jover <guillem@hadrons.org>
* Copyright © 2012-2013 Guillem Jover <guillem@hadrons.org>
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -35,8 +35,8 @@
int
dehumanize_number(const char *buf, int64_t *num)
{
uint64_t rval;
int sign = 1;
uint64_t rval, rmax;
int sign = +1;
int rc;
/* The current expand_number() implementation uses bit shifts, so
@@ -52,7 +52,13 @@ dehumanize_number(const char *buf, int64_t *num)
rc = expand_number(buf, &rval);
if (rc < 0)
return rc;
if (rval == UINT64_MAX && sign == -1) {
/* The sign has been stripped, so rval has the absolute value.
* Error out, regardless of the sign, if rval is greater than
* abs(INT64_MIN) (== INT64_MAX + 1), or if the sign is positive
* and the value has overflown by one (INT64_MAX + 1). */
rmax = INT64_MAX + 1ULL;
if (rval > rmax || (rval == rmax && sign == +1)) {
errno = ERANGE;
return -1;
}
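Review bot: The new range check deliberately admits `rval == rmax` when `sign` is -1, so the store into `*num` that follows this hunk has to turn an unsigned 2^63 into INT64_MIN, and that line is not visible here. If it is still a multiplication of `rval` by `sign`, the arithmetic is carried out in uint64_t and the conversion back to int64_t is implementation-defined for exactly that value; spelling out the boundary would remove the dependency, e.g. `*num = (sign < 0 && rval == rmax) ? INT64_MIN : (int64_t)rval * sign;`. A short comment on `rmax = INT64_MAX + 1ULL;` noting that the `ULL` suffix keeps the addition unsigned would also help, since dropping it would turn the sum into a signed overflow. The body of dehumanize_number() starts and ends outside the hunks shown.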