From 566c8e6b4b71b8b88a819e1274ed458c1751df10 Mon Sep 17 00:00:00 2001 From: Danny Al-Gaaf Date: Mon, 22 Feb 2016 17:23:12 +0100 Subject: [PATCH] common/ConfUtils.cc: fix potential integer overflow Fix for: CID 1128394 (#1 of 1): Integer overflowed argument (INTEGER_OVERFLOW) overflow: Add operation overflows on operands line_len and 1UL. overflow_assign: Assigning overflowed or truncated value (or a value computed from an overflowed or a truncated value) to rem. overflow_sink: Overflowed or truncated value (or a value computed from an overflowed or truncated value) rem used as critical argument to function. Signed-off-by: Danny Al-Gaaf --- src/common/ConfUtils.cc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/common/ConfUtils.cc b/src/common/ConfUtils.cc index 1ae5df5408895..84ff626c37b11 100644 --- a/src/common/ConfUtils.cc +++ b/src/common/ConfUtils.cc @@ -297,6 +297,8 @@ load_from_buffer(const char *buf, size_t sz, std::deque *errors, size_t rem = sz; while (1) { b += line_len + 1; + if ((line_len + 1) > rem) + break; rem -= line_len + 1; if (rem == 0) break; -- 2.39.5