From: Alejandro Colomar Date: Sat, 2 Sep 2023 13:43:24 +0000 (+0200) Subject: lib/limits.c: Check for overflow without invoking UB X-Git-Tag: 4.15.0-rc1~101 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5e0c61cce38d71bd4a531d5f78ab6398beccccd4;p=thirdparty%2Fshadow.git lib/limits.c: Check for overflow without invoking UB The multiplication was already invoking UB. The test was flawed. Use __builtin_mul_overflow() instead. Signed-off-by: Alejandro Colomar --- diff --git a/lib/limits.c b/lib/limits.c index b3ea1784e..1da228ca6 100644 --- a/lib/limits.c +++ b/lib/limits.c @@ -45,8 +45,10 @@ static int setrlimit_value (unsigned int resource, const char *value, unsigned int multiplier) { - struct rlimit rlim; - rlim_t limit; + char *endptr; + long l; + rlim_t limit; + struct rlimit rlim; /* The "-" is special, not belonging to a strange negative limit. * It is infinity, in a controlled way. @@ -60,8 +62,7 @@ static int setrlimit_value (unsigned int resource, * Also, we are limited to base 10 here (hex numbers will not * work with the limit string parser as is anyway) */ - char *endptr; - long longlimit = strtol (value, &endptr, 10); + l = strtol(value, &endptr, 10); if (value == endptr) { /* No argument at all. No-op. @@ -69,10 +70,7 @@ static int setrlimit_value (unsigned int resource, */ return 0; } - longlimit *= multiplier; - limit = longlimit; - if (longlimit != limit) - { + if (__builtin_mul_overflow(l, multiplier, &limit)) { /* FIXME: Again, silent error handling... * Wouldn't screaming make more sense? */
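Review bot: The `l = strtol(value, &endptr, 10);` line in the second hunk still ignores range errors, because only the `value == endptr` case is tested. For an out-of-range string strtol() returns `LONG_MAX` or `LONG_MIN` and sets `errno` to `ERANGE`. Whenever the clamped `LONG_MAX` times `multiplier` still fits in `rlim_t`, the later `__builtin_mul_overflow()` test passes and that value would presumably be applied as the resource limit instead of being rejected. I would set `errno = 0;` before the call and add `if (errno == ERANGE) return 0;` after the `endptr` test, handled like the overflow case in the third hunk; this needs `<errno.h>`, whose inclusion is not visible here. The enclosing block starts and ends outside the hunk.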
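Review bot: The `__builtin_mul_overflow(l, multiplier, &limit)` test in the third hunk also rejects a negative `l`, which the commit message does not mention and the code does not document. The builtin evaluates the product exactly and reports failure when the result is not representable in `rlim_t`, which POSIX defines as an unsigned type; the removed `longlimit != limit` comparison would have let a negative value through as a very large limit on platforms where `long` and `rlim_t` have the same width. A comment above the `if` such as `/* Rejects any product not representable in rlim_t, including negative values. */` would record that. The builtin is a GCC/Clang extension, so it is worth confirming that every compiler the project supports provides it. The branch body continues outside the hunk.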