From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00 2001 From: Andreas Schwab Date: Fri, 25 Jun 2021 15:02:47 +0200 Subject: wordexp: handle overflow in positional parameter number (bug 28011) Use strtoul instead of atoi so that overflow can be detected. --- posix/wordexp-test.c | 1 + posix/wordexp.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'posix') diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c index f93a546..9df02db 100644 --- a/posix/wordexp-test.c +++ b/posix/wordexp-test.c @@ -183,6 +183,7 @@ struct test_case_struct { 0, NULL, "$var", 0, 0, { NULL, }, IFS }, { 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS }, { 0, NULL, "", 0, 0, { NULL, }, IFS }, + { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS }, /* Flags not already covered (testit() has special handling for these) */ { 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS }, diff --git a/posix/wordexp.c b/posix/wordexp.c index bcbe96e..1f3b09f 100644 --- a/posix/wordexp.c +++ b/posix/wordexp.c @@ -1399,7 +1399,7 @@ envsubst: /* Is it a numeric parameter? */ else if (isdigit (env[0])) { - int n = atoi (env); + unsigned long n = strtoul (env, NULL, 10); if (n >= __libc_argc) /* Substitute NULL. */ -- cgit v1.1