[gnome-keyring/wip/dueno/ubsan: 2/3] egg-asn1x: Avoid signed integer overflow
- From: Daiki Ueno <dueno src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-keyring/wip/dueno/ubsan: 2/3] egg-asn1x: Avoid signed integer overflow
- Date: Mon, 16 Sep 2019 14:35:40 +0000 (UTC)
commit 0ba098a859bc3b261b1d4fd2740f94216ef30de9
Author: Daiki Ueno <dueno src gnome org>
Date: Mon Sep 16 16:33:08 2019 +0200
egg-asn1x: Avoid signed integer overflow
egg/egg-asn1x.c | 14 +++++---------
1 file changed, 5 insertions(+), 9 deletions(-)
---
diff --git a/egg/egg-asn1x.c b/egg/egg-asn1x.c
index b2bc7614..7ab74a84 100644
--- a/egg/egg-asn1x.c
+++ b/egg/egg-asn1x.c
@@ -763,7 +763,7 @@ atlv_parse_length (const guchar *at,
const guchar *end,
gint *off)
{
- gint ans, last;
+ gint ans;
gint k, punt;
gint n_data;
@@ -789,19 +789,15 @@ atlv_parse_length (const guchar *at,
if (k) {
ans = 0;
while (punt <= k && punt < n_data) {
- last = ans;
- ans = ans * 256;
-
/* we wrapped around, no bignum support... */
- if (ans < last)
+ if (ans > G_MAXINT / 256)
return -2;
-
- last = ans;
- ans += at[punt++];
+ ans = ans * 256;
/* we wrapped around, no bignum support... */
- if (ans < last)
+ if (ans > G_MAXINT - at[punt++])
return -2;
+ ans += at[punt++];
}
/* indefinite length method */
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
