External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-12-22 05:35:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

virconf: Properly fix numeric overflow when parsing numbers in conf files

Browse Source 
The previous fix didn't check the overflow in addition. Use the new
macro to check both multiplication and addition overflows.

Fixes: 8666523b7d
Closes: https://gitlab.com/libvirt/libvirt/-/issues/671
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
This commit is contained in:
Peter Krempa 2024-09-09 16:46:08 +02:00 committed by Pavel Hrdina
parent 23cb613606
commit a9ede822da
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/util/virconf.c
View File

@ -347,13 +347,15 @@ virConfParseLong(virConfParserCtxt *ctxt, long long *val)
return -1;
}
while ((ctxt->cur < ctxt->end) && (g_ascii_isdigit(CUR))) {
if (l > LLONG_MAX / 10) {
long long c = (CUR - '0');
if (VIR_MULTIPLY_ADD_IS_OVERFLOW(LLONG_MAX, l, 10, c)) {
virConfError(ctxt, VIR_ERR_OVERFLOW,
_("numeric overflow in conf value"));
return -1;
}
l = l * 10 + (CUR - '0');
l = l * 10 + c;
NEXT;
}
if (neg)