From: Peter Krempa <pkrempa@redhat.com>
Date: Mon, 9 Sep 2024 14:46:08 +0000 (+0200)
Subject: virconf: Properly fix numeric overflow when parsing numbers in conf files
X-Git-Tag: v10.8.0-rc1~107
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a9ede822da1075573525f9b2b87b8365c32b3b67;p=thirdparty%2Flibvirt.git

virconf: Properly fix numeric overflow when parsing numbers in conf files

The previous fix didn't check the overflow in addition. Use the new
macro to check both multiplication and addition overflows.

Fixes: 8666523b7d0891c38a7c9c138c4cc318eddfefeb
Closes: https://gitlab.com/libvirt/libvirt/-/issues/671
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
---

diff --git a/src/util/virconf.c b/src/util/virconf.c
index da07af178d..66b3e0482e 100644
--- a/src/util/virconf.c
+++ b/src/util/virconf.c
@@ -347,13 +347,15 @@ virConfParseLong(virConfParserCtxt *ctxt, long long *val)
         return -1;
     }
     while ((ctxt->cur < ctxt->end) && (g_ascii_isdigit(CUR))) {
-        if (l > LLONG_MAX / 10) {
+        long long c = (CUR - '0');
+
+        if (VIR_MULTIPLY_ADD_IS_OVERFLOW(LLONG_MAX, l, 10, c)) {
             virConfError(ctxt, VIR_ERR_OVERFLOW,
                          _("numeric overflow in conf value"));
             return -1;
         }
 
-        l = l * 10 + (CUR - '0');
+        l = l * 10 + c;
         NEXT;
     }
     if (neg)