From b6bdb6d2f3ebdde975a369669792021f70118a50 Mon Sep 17 00:00:00 2001
From: eadler <eadler@FreeBSD.org>
Date: Tue, 21 May 2013 19:56:03 +0000
Subject: Avoid signed overflow in error handling code.

Reviewed by:	cperciva, bjk
---
 usr.bin/split/split.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/usr.bin/split/split.c b/usr.bin/split/split.c
index 561113e..572af59 100644
--- a/usr.bin/split/split.c
+++ b/usr.bin/split/split.c
@@ -379,8 +379,10 @@ newfile(void)
 
 	/* maxfiles = pattlen^sufflen, but don't use libm. */
 	for (maxfiles = 1, i = 0; i < sufflen; i++)
-		if ((maxfiles *= pattlen) <= 0)
+		if (LONG_MAX / pattlen < maxfiles)
 			errx(EX_USAGE, "suffix is too long (max %ld)", i);
+		else
+			maxfiles *= pattlen;
 
 	if (fnum == maxfiles)
 		errx(EX_DATAERR, "too many files");
-- 
cgit v1.1