From: Pádraig Brady <P@draigBrady.com>
Date: Sun, 5 Sep 2021 13:12:21 +0000 (+0100)
Subject: sum: handle EOVERFLOW for too large inputs
X-Git-Tag: v9.0~41
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=97f98b63a44b9eea30b2c07053536774611494d1;p=thirdparty%2Fcoreutils.git

sum: handle EOVERFLOW for too large inputs

* src/sum.c (bsd_sum_stream): Detect overflow when updating length.
(sysv_sum_stream): Likewise.
---

diff --git a/src/sum.c b/src/sum.c
index 1633c86c52..4e1efe9e11 100644
--- a/src/sum.c
+++ b/src/sum.c
@@ -73,6 +73,11 @@ bsd_sum_stream (FILE *stream, void *resstream, uintmax_t *length)
         checksum += buffer[i];
         checksum &= 0xffff;	/* Keep it within bounds. */
       }
+    if (total_bytes + sum < total_bytes)
+      {
+        errno = EOVERFLOW;
+        goto cleanup_buffer;
+      }
     total_bytes += sum;
   }
 
@@ -84,6 +89,11 @@ final_process:;
       checksum += buffer[i];
       checksum &= 0xffff;	/* Keep it within bounds. */
     }
+  if (total_bytes + sum < total_bytes)
+    {
+      errno = EOVERFLOW;
+      goto cleanup_buffer;
+    }
   total_bytes += sum;
 
   memcpy (resstream, &checksum, sizeof checksum);
@@ -139,6 +149,11 @@ sysv_sum_stream (FILE *stream, void *resstream, uintmax_t *length)
 
     for (size_t i = 0; i < sum; i++)
       s += buffer[i];
+    if (total_bytes + sum < total_bytes)
+      {
+        errno = EOVERFLOW;
+        goto cleanup_buffer;
+      }
     total_bytes += sum;
   }
 
@@ -146,6 +161,11 @@ final_process:;
 
   for (size_t i = 0; i < sum; i++)
     s += buffer[i];
+  if (total_bytes + sum < total_bytes)
+    {
+      errno = EOVERFLOW;
+      goto cleanup_buffer;
+    }
   total_bytes += sum;
 
   int r = (s & 0xffff) + ((s & 0xffffffff) >> 16);