This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug locale/21036] New: Missing overflow checks in localedef reading numbers


https://sourceware.org/bugzilla/show_bug.cgi?id=21036

            Bug ID: 21036
           Summary: Missing overflow checks in localedef reading numbers
           Product: glibc
           Version: 2.24
            Status: NEW
          Severity: normal
          Priority: P2
         Component: locale
          Assignee: unassigned at sourceware dot org
          Reporter: jsm28 at gcc dot gnu.org
  Target Milestone: ---

locale/programs/linereader.c has the code:

      while (isdigit (ch = lr_getc (lr)))
        {
          lr->token.val.num *= 10;
          lr->token.val.num += ch - '0';
        }

There is no check for the multiplication or addition overflowing unsigned long
int (the type of num).  Then, when such tokens are used later, the value is
often stored in smaller fields, again without checks for overflow.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
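
The two missing checks described in the report, as an added example that is not glibc code and not a patch from the reporter. `read_unchecked`, `read_number` and `store_u8` are hypothetical names; the input is a string instead of `lr_getc (lr)`, and the 8-bit field is an assumed stand-in for the "smaller fields" the report mentions.

```c
#include <ctype.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* The loop from the report, reading from a string: wraps silently.  */
unsigned long read_unchecked (const char *s)
{
  unsigned long num = 0;
  for (; isdigit ((unsigned char) *s); s++)
    num = num * 10 + (unsigned long) (*s - '0');
  return num;
}

/* Hypothetical checked variant (not glibc code): returns the number of
   digits consumed, or -1 if the value does not fit in unsigned long.  */
int read_number (const char *s, unsigned long *out)
{
  unsigned long num = 0;
  int n = 0;
  for (; isdigit ((unsigned char) s[n]); n++)
    {
      unsigned long digit = (unsigned long) (s[n] - '0');
      /* Tests num * 10 + digit > ULONG_MAX, rearranged so nothing wraps.  */
      if (num > (ULONG_MAX - digit) / 10)
        return -1;
      num = num * 10 + digit;
    }
  *out = num;
  return n;
}

/* Hypothetical range check before storing a token in a narrower field.  */
int store_u8 (unsigned long num, uint8_t *field)
{
  if (num > UINT8_MAX)
    return -1;
  *field = (uint8_t) num;
  return 0;
}

int main (void)
{
  char buf[64];          /* constructed input: ULONG_MAX plus one digit */
  unsigned long v = 0;
  snprintf (buf, sizeof buf, "%lu0", ULONG_MAX);
  printf ("unchecked: %lu\n", read_unchecked (buf));
  printf ("checked:   %d\n", read_number (buf, &v));
}
```

The constructed input is built from `ULONG_MAX` so the overflow is triggered regardless of the width of `unsigned long` on the build host.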
