commit 31a1224: [Fix] Avoid another overflow in fpconv
Vsevolod Stakhov
vsevolod at highsecure.ru
Sat May 18 14:14:06 UTC 2019
Author: Vsevolod Stakhov
Date: 2019-05-18 15:06:20 +0100
URL: https://github.com/rspamd/rspamd/commit/31a1224de44218d8252f25aa42e2544b7ef74119 (HEAD -> master)
[Fix] Avoid another overflow in fpconv
Issue: #2904
---
contrib/fpconv/fpconv.c | 26 ++++++++++++++++++++------
1 file changed, 20 insertions(+), 6 deletions(-)
diff --git a/contrib/fpconv/fpconv.c b/contrib/fpconv/fpconv.c
index b01793400..4ec2e3560 100644
--- a/contrib/fpconv/fpconv.c
+++ b/contrib/fpconv/fpconv.c
@@ -227,18 +227,32 @@ static int emit_digits(char* digits, int ndigits, char* dest, int K, bool neg,
offset = -offset;
dest[0] = '0';
dest[1] = '.';
- memset(dest + 2, '0', offset);
- memcpy(dest + offset + 2, digits, ndigits);
- return ndigits + 2 + offset;
+ /* We have up to 21 characters in output available */
+ if (offset + ndigits <= 21) {
+ memset(dest + 2, '0', offset);
+ memcpy(dest + offset + 2, digits, ndigits);
+
+ return ndigits + 2 + offset;
+ }
+ else {
+ /* Overflow */
+ dest[2] = '0';
+ return 3;
+ }
/* fp > 1.0 */
} else {
memcpy(dest, digits, offset);
- dest[offset] = '.';
- memcpy(dest + offset + 1, digits + offset, ndigits - offset);
- return ndigits + 1;
+ /* Overflow check */
+ if (ndigits <= 23) {
+ dest[offset] = '.';
+ memcpy(dest + offset + 1, digits + offset, ndigits - offset);
+ return ndigits + 1;
+ }
+
+ return offset;
}
}
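Review bot: The two new bounds disagree with each other and with the comment above them. The `fp < 1.0` branch caps the write at 2 + 21 = 23 bytes, while the `fp > 1.0` branch accepts `ndigits <= 23` and then writes `ndigits + 1` bytes, up to 24, and `memcpy(dest, digits, offset);` still runs before any check. The size of `dest`, and whether a sign character has already used one byte of it, are decided outside this hunk (emit_digits starts above it), so neither literal can be confirmed as tight from here. Both limits should come from one named constant tied to the caller's buffer, with the test moved ahead of the first copy, e.g. `if (ndigits + 1 <= max_out) {` placed before `memcpy(dest, digits, offset);`, where `max_out` is a proposed name. The fallback paths also return a silently truncated number (`0.0`, or the integer part only), which deserves a comment such as `/* Output truncated: fractional digits dropped to stay within dest */`.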