summaryrefslogtreecommitdiffstats
path: root/contrib
diff options
context:
space:
mode:
authorVsevolod Stakhov <vsevolod@highsecure.ru>2019-05-18 15:06:20 +0100
committerVsevolod Stakhov <vsevolod@highsecure.ru>2019-05-18 15:06:20 +0100
commit31a1224de44218d8252f25aa42e2544b7ef74119 (patch)
tree21f2e837661afc1c4892c3c5cbc6f8f0382b2f4b /contrib
parent79cf1be1c86e3550394d3c0fb39182e6e4b57bd8 (diff)
downloadrspamd-31a1224de44218d8252f25aa42e2544b7ef74119.tar.gz
rspamd-31a1224de44218d8252f25aa42e2544b7ef74119.zip
[Fix] Avoid another overflow in fpconv
Issue: #2904
Diffstat (limited to 'contrib')
-rw-r--r--contrib/fpconv/fpconv.c26
1 files changed, 20 insertions, 6 deletions
diff --git a/contrib/fpconv/fpconv.c b/contrib/fpconv/fpconv.c
index b01793400..4ec2e3560 100644
--- a/contrib/fpconv/fpconv.c
+++ b/contrib/fpconv/fpconv.c
@@ -227,18 +227,32 @@ static int emit_digits(char* digits, int ndigits, char* dest, int K, bool neg,
offset = -offset;
dest[0] = '0';
dest[1] = '.';
- memset(dest + 2, '0', offset);
- memcpy(dest + offset + 2, digits, ndigits);
- return ndigits + 2 + offset;
+ /* We have up to 21 characters in output available */
+ if (offset + ndigits <= 21) {
+ memset(dest + 2, '0', offset);
+ memcpy(dest + offset + 2, digits, ndigits);
+
+ return ndigits + 2 + offset;
+ }
+ else {
+ /* Overflow */
+ dest[2] = '0';
+ return 3;
+ }
/* fp > 1.0 */
} else {
memcpy(dest, digits, offset);
- dest[offset] = '.';
- memcpy(dest + offset + 1, digits + offset, ndigits - offset);
- return ndigits + 1;
+ /* Overflow check */
+ if (ndigits <= 23) {
+ dest[offset] = '.';
+ memcpy(dest + offset + 1, digits + offset, ndigits - offset);
+ return ndigits + 1;
+ }
+
+ return offset;
}
}