commit 8eac854cc7c847897fdab85d0173178dbcf1ab2e
parent 1a8211822166322c8609ee15179aaf13d028d4e6
Author: Roberto E. Vargas Caballero <k0ga@shike2.com>
Date: Thu, 11 Nov 2021 15:18:21 +0100
cc2: Check for overflow in array()
The input of cc2 is considered trusted, but it does not
hurt to check it again.
Diffstat:
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/cmd/cc/cc2/cc2.h b/src/cmd/cc/cc2/cc2.h
@@ -139,6 +139,7 @@ enum nerrors {
EWTACKU, /* switch stack underflow */
ENOSWTC, /* Out of switch statement */
EBBUILT, /* Unknown builtin */
+ EOVERFL, /* Numerical overflow */
ENUMERR
};
diff --git a/src/cmd/cc/cc2/parser.c b/src/cmd/cc/cc2/parser.c
@@ -1,4 +1,5 @@
#include <errno.h>
+#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -572,7 +573,11 @@ array(void)
base = pop();
tp = pop();
tp->flags = ARRF;
- tp->size = size->u.i * base->size; /* FIXME check for overflow */
+
+ if (size->u.i > LONG_MAX/base->size)
+ error(EOVERFL);
+
+ tp->size = size->u.i * base->size;
tp->align = base->align;
delnode(size);
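Review bot: The added guard in array() divides by `base->size` before anything visible shows it to be non-zero, and it lets a negative `size->u.i` through, so a zero-sized base type would trap on the division and a negative element count would still produce a negative `tp->size`. Since the check is meant as defence in depth for IR that is normally trusted, I would write it as `if (size->u.i < 0 || (base->size > 0 && size->u.i > LONG_MAX/base->size))`. `LONG_MAX` is the right bound only if `tp->size` is a `long` or wider, and the multiplication below is only protected if `error()` does not return; neither is visible in the hunk, so once confirmed a short comment such as `/* error() does not return; Type sizes are long */` would help the next reader. array() starts and ends outside the hunk.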