diff options
| author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2019-05-18 15:06:20 +0100 |
|---|---|---|
| committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2019-05-18 15:06:20 +0100 |
| commit | 31a1224de44218d8252f25aa42e2544b7ef74119 (patch) | |
| tree | 21f2e837661afc1c4892c3c5cbc6f8f0382b2f4b /contrib/fpconv | |
| parent | 79cf1be1c86e3550394d3c0fb39182e6e4b57bd8 (diff) | |
| download | rspamd-31a1224de44218d8252f25aa42e2544b7ef74119.tar.gz rspamd-31a1224de44218d8252f25aa42e2544b7ef74119.zip | |
[Fix] Avoid another overflow in fpconv
Issue: #2904
Diffstat (limited to 'contrib/fpconv')
| -rw-r--r-- | contrib/fpconv/fpconv.c | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/contrib/fpconv/fpconv.c b/contrib/fpconv/fpconv.c index b01793400..4ec2e3560 100644 --- a/contrib/fpconv/fpconv.c +++ b/contrib/fpconv/fpconv.c @@ -227,18 +227,32 @@ static int emit_digits(char* digits, int ndigits, char* dest, int K, bool neg, offset = -offset; dest[0] = '0'; dest[1] = '.'; - memset(dest + 2, '0', offset); - memcpy(dest + offset + 2, digits, ndigits); - return ndigits + 2 + offset; + /* We have up to 21 characters in output available */ + if (offset + ndigits <= 21) { + memset(dest + 2, '0', offset); + memcpy(dest + offset + 2, digits, ndigits); + + return ndigits + 2 + offset; + } + else { + /* Overflow */ + dest[2] = '0'; + return 3; + } /* fp > 1.0 */ } else { memcpy(dest, digits, offset); - dest[offset] = '.'; - memcpy(dest + offset + 1, digits + offset, ndigits - offset); - return ndigits + 1; + /* Overflow check */ + if (ndigits <= 23) { + dest[offset] = '.'; + memcpy(dest + offset + 1, digits + offset, ndigits - offset); + return ndigits + 1; + } + + return offset; } } |