diff mbox series

[trivial] Fix signed integer overflow in cp-demangle.c (d_number)

Message ID CALoOobPJKA+sxzA-JGPv0YcVfbrp4WufAhm5Jj-=kMjx=rGy8g@mail.gmail.com
State New
Headers show
Series [trivial] Fix signed integer overflow in cp-demangle.c (d_number) | expand

Commit Message

Li, Pan2 via Gcc-patches Oct. 28, 2019, 11:55 p.m. UTC 
Greetings,

This is rather on the trivial side. Google fuzzer found signed integer
overflow in d_number, given this input: _ZZccDF2147483647
Google ref: b141647507.

Ok for trunk?

Thanks,

libiberty/ChangeLog

2019-10-28 Paul Pluzhnikov  <ppluzhnikov@google.com>

        * cp-demangle (d_number): Avoid signed int overflow.


--
Paul Pluzhnikov

Comments

Jason Merrill Oct. 29, 2019, 4:19 a.m. UTC | #1 
OK.

On Mon, Oct 28, 2019 at 7:56 PM Paul Pluzhnikov via gcc-patches
<gcc-patches@gcc.gnu.org> wrote:
>
> Greetings,
>
> This is rather on the trivial side. Google fuzzer found signed integer
> overflow in d_number, given this input: _ZZccDF2147483647
> Google ref: b141647507.
>
> Ok for trunk?
>
> Thanks,
>
> libiberty/ChangeLog
>
> 2019-10-28 Paul Pluzhnikov  <ppluzhnikov@google.com>
>
>         * cp-demangle (d_number): Avoid signed int overflow.
>
>
> --
> Paul Pluzhnikov
diff mbox series

Patch

Index: libiberty/cp-demangle.c
===================================================================
--- libiberty/cp-demangle.c	(revision 277545)
+++ libiberty/cp-demangle.c	(working copy)
@@ -1717,7 +1717,7 @@ 
 	}
       if (ret > ((INT_MAX - (peek - '0')) / 10))
         return -1;
-      ret = ret * 10 + peek - '0';
+      ret = ret * 10 + (peek - '0');
       d_advance (di, 1);
       peek = d_peek_char (di);
     }