bits: prevent unsigned integer underflow and long-lived loop

If 0 is allowed for --width it will culminate to a wraparound
due to an unsigned integer underflow when a size_t for-loop
control variable, namely 'n', is setup. n is the result of
cpuset_nbits(size) - 1, where size is set by cpuset_alloc()
which was called with 0 (width) for the @ncpus parameter that
will make it so that @size remains 0 as the calculated memory
allocation size yields zero as well. Therefore the sum for 'n'
will be -1 that wraps around to UINT_MAX and end creates a
long-lived for loop.

Signed-off-by: Christian Goeschel Ndjomouo <cgoesc2@wgu.edu>

diff --git a/text-utils/bits.c b/text-utils/bits.c
index 97a77a82f72b3bedc34f4df8923ecf7122c03bc9..dbeaa09b765c57fc9083a0ad32b0cd4e7a97f200 100644 (file)
--- a/text-utils/bits.c
+++ b/text-utils/bits.c
@@ -17,6 +17,7 @@
 #include <stdbool.h>
 #include <stdint.h>
 #include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
 
@@ -283,6 +284,8 @@ int main(int argc, char **argv)
                        /* allow up to 128k masks */
                        width = str2unum_or_err(optarg,
                                10, _("invalid --width"), 128 * 1024);
+                       if (width == 0)
+                               errx(EXIT_FAILURE, _("invalid --width"));
                        break;
                case 'V':
                        print_version(EXIT_SUCCESS);