fix(demangle): prevent signed integer overflow (#955)

Sergiu Deitsch 2023-10-05 23:33:23 +02:00 committed by GitHub
parent 27bf2b2fd3
commit 7ba2f7bc02
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -37,6 +37,7 @@
#include "demangle.h" #include "demangle.h"
#include <cstdio> // for nullptr #include <cstdio> // for nullptr
#include <limits>
#include "utilities.h" #include "utilities.h"
@ -592,9 +593,23 @@ static bool ParseNumber(State *state, int *number_out) {
} }
const char *p = state->mangled_cur; const char *p = state->mangled_cur;
int number = 0; int number = 0;
constexpr int int_max_by_10 = std::numeric_limits<int>::max() / 10;
for (;*p != '\0'; ++p) { for (;*p != '\0'; ++p) {
if (IsDigit(*p)) { if (IsDigit(*p)) {
number = number * 10 + (*p - '0'); // Prevent signed integer overflow when multiplying
if (number > int_max_by_10) {
return false;
}
const int digit = *p - '0';
const int shifted = number * 10;
// Prevent signed integer overflow when summing
if (digit > std::numeric_limits<int>::max() - shifted) {
return false;
}
number = shifted + digit;
} else { } else {
break; break;
} }
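Review bot: The two overflow guards in the digit branch can be collapsed into one bound check placed after `const int digit = *p - '0';`, namely `if (number > (std::numeric_limits<int>::max() - digit) / 10) { return false; }`, which rejects exactly the same inputs and makes `int_max_by_10` and `shifted` unnecessary. A short comment above the loop should also state that a digit run too large for `int` is now a parse failure rather than undefined behaviour, since mangled names may come from untrusted binaries. ParseNumber begins and ends outside this hunk, so whether callers restore `state` after the new early `return false` cannot be confirmed from here. A regression case with a number longer than `INT_MAX`, run under UBSan, would pin the fix.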