From c17c108c2a09d1d7bf24e6726e8165b3dbf8749e Mon Sep 17 00:00:00 2001
From: ru
Date: Thu, 24 Apr 2008 07:49:00 +0000
Subject: Stricter check for integer overflow.
---
 lib/libc/stdlib/strfmon.c | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'lib/libc')
diff --git a/lib/libc/stdlib/strfmon.c b/lib/libc/stdlib/strfmon.c
index 20c69be..f12c8de 100644
--- a/lib/libc/stdlib/strfmon.c
+++ b/lib/libc/stdlib/strfmon.c
@@ -65,6 +65,8 @@ __FBSDID("$FreeBSD$");
 #define GET_NUMBER(VAR) do { \
 VAR = 0; \
 while (isdigit((unsigned char)*fmt)) { \
+ if (VAR > INT_MAX / 10) \
+ goto e2big_error; \
 VAR *= 10; \
 VAR += *fmt - '0'; \
 if (VAR < 0) \
-- cgit v1.1
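Review bot: The added guard in GET_NUMBER covers only `VAR *= 10`; the following `VAR += *fmt - '0'` can still overflow a signed int when VAR equals `INT_MAX / 10` and the digit is larger than `INT_MAX % 10`. The only thing catching that case is the retained `if (VAR < 0)` test, which depends on signed wraparound; that is undefined behaviour, so an optimising compiler may remove the test. Because the number is parsed from the caller's format string, the bound is better enforced before any arithmetic, by folding the digit into the guard: `if (VAR > (INT_MAX - (*fmt - '0')) / 10) \` followed by `goto e2big_error; \`. With that in place the `VAR < 0` branch can no longer be reached and can be dropped. The macro body continues past the end of the hunk, so the rest of that branch is not visible here.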