Check for an integer overflow in getword_atoll

Just to be sure we are reading correct data, the number build by
getword_atoll is checked for any overflow.

diff --git a/util.c b/util.c
index 45519b97ba5ccaade9ad56defad692f3869222b0..b03acb60457a79cef66d625638692937c03a6664 100644 (file)
--- a/util.c
+++ b/util.c
@@ -172,6 +172,7 @@ int getword_atoll(long long int *number, struct getwordstruct *gwarea, char stop
 {
        int x;
        int sign=+1;
+       int digit;
 
        if (gwarea->current[0] == '-') {
                gwarea->current++;
@@ -181,7 +182,12 @@ int getword_atoll(long long int *number, struct getwordstruct *gwarea, char stop
        }
        *number=0LL;
        for(x=0;isdigit(gwarea->current[x]);x++) {
-               *number=(*number * 10) + gwarea->current[x]-'0';
+               digit=gwarea->current[x]-'0';
+               if (*number >= (LLONG_MAX-digit)/10) {
+                       debuga(_("Integer overflow detected in getword_atoll in line %s\n"),gwarea->beginning);
+                       return(-1);
+               }
+               *number=(*number * 10) + digit;
        }
        if(gwarea->current[x] && gwarea->current[x]!=stop) {
                printf("SARG: getword_atoll loop detected after %d bytes.\n",x);