diff options
| author | Matt Caswell <matt@openssl.org> | 2016-05-25 16:20:48 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2016-05-27 10:23:18 +0100 |
| commit | 1b62d880b5190de8c49a01837d96501cecf2a111 (patch) | |
| tree | cc296eb674f881bc28b5b33e544652904cea4f9b /crypto/bio | |
| parent | d6056f085dc0d53663433d98eb105cb5f26624e7 (diff) | |
| download | openssl-1b62d880b5190de8c49a01837d96501cecf2a111.zip openssl-1b62d880b5190de8c49a01837d96501cecf2a111.tar.gz openssl-1b62d880b5190de8c49a01837d96501cecf2a111.tar.bz2 | |
Prevent an overflow when trying to print excessively big floats
We convert the integer part of the float to a long. We should check it
fits first.
Issue reported by Guido Vranken.
GitHub Issue #1102
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'crypto/bio')
| -rw-r--r-- | crypto/bio/b_print.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index 36400cd..d52ad7c 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -561,9 +561,9 @@ fmtfp(char **sbuffer, int padlen = 0; int zpadlen = 0; long exp = 0; - long intpart; - long fracpart; - long max10; + unsigned long intpart; + unsigned long fracpart; + unsigned long max10; int realstyle; if (max < 0) @@ -638,7 +638,11 @@ fmtfp(char **sbuffer, fvalue = tmpvalue; } ufvalue = abs_val(fvalue); - intpart = (long)ufvalue; + if (ufvalue > ULONG_MAX) { + /* Number too big */ + return 0; + } + intpart = (unsigned long)ufvalue; /* * sorry, we only support 9 digits past the decimal because of our |