Message ID | CALoOobPJKA+sxzA-JGPv0YcVfbrp4WufAhm5Jj-=kMjx=rGy8g@mail.gmail.com |
---|---|
State | New |
Series | [trivial] Fix signed integer overflow in cp-demangle.c (d_number) |

OK.

On Mon, Oct 28, 2019 at 7:56 PM Paul Pluzhnikov via gcc-patches <gcc-patches@gcc.gnu.org> wrote:
>
> Greetings,
>
> This is rather on the trivial side. Google fuzzer found signed integer
> overflow in d_number, given this input: _ZZccDF2147483647
> Google ref: b141647507.
>
> Ok for trunk?
>
> Thanks,
>
> libiberty/ChangeLog
>
> 2019-10-28 Paul Pluzhnikov <ppluzhnikov@google.com>
>
> * cp-demangle (d_number): Avoid signed int overflow.
>
>
> --
> Paul Pluzhnikov

Index: libiberty/cp-demangle.c =================================================================== --- libiberty/cp-demangle.c (revision 277545) +++ libiberty/cp-demangle.c (working copy) @@ -1717,7 +1717,7 @@ } if (ret > ((INT_MAX - (peek - '0')) / 10)) return -1; - ret = ret * 10 + peek - '0'; + ret = ret * 10 + (peek - '0'); d_advance (di, 1); peek = d_peek_char (di); }
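
Review bot: the parentheses on the `ret = ret * 10 + (peek - '0');` line are load-bearing, but nothing in the code says so; a one-line comment there would keep a later cleanup from dropping them. The guard just above it only establishes that `ret * 10 + (peek - '0')` fits in an int. Without the parentheses the expression is evaluated left to right, so `ret * 10 + peek` is computed first and can exceed INT_MAX before `'0'` is subtracted, which is the case the reported input `_ZZccDF2147483647` hits on its last digit. The patch also carries no regression test for that input, and the ChangeLog entry names `cp-demangle` rather than `cp-demangle.c`.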