diff options
| author | ru <ru@FreeBSD.org> | 2008-04-24 07:49:00 +0000 |
|---|---|---|
| committer | ru <ru@FreeBSD.org> | 2008-04-24 07:49:00 +0000 |
| commit | c17c108c2a09d1d7bf24e6726e8165b3dbf8749e (patch) | |
| tree | 5d8f9178631111f6abf139a34d6f13038c08572d /lib | |
| parent | 0248cb5a7774eff1141218463b802240ee14f5b4 (diff) | |
| download | FreeBSD-src-c17c108c2a09d1d7bf24e6726e8165b3dbf8749e.zip FreeBSD-src-c17c108c2a09d1d7bf24e6726e8165b3dbf8749e.tar.gz | |
Stricter check for integer overflow.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libc/stdlib/strfmon.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/libc/stdlib/strfmon.c b/lib/libc/stdlib/strfmon.c index 20c69be..f12c8de 100644 --- a/lib/libc/stdlib/strfmon.c +++ b/lib/libc/stdlib/strfmon.c @@ -65,6 +65,8 @@ __FBSDID("$FreeBSD$"); #define GET_NUMBER(VAR) do { \ VAR = 0; \ while (isdigit((unsigned char)*fmt)) { \ + if (VAR > INT_MAX / 10) \ + goto e2big_error; \ VAR *= 10; \ VAR += *fmt - '0'; \ if (VAR < 0) \ |
