From a7603fa6527cf53a22d5072acb454f65303a3874 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sat, 10 May 2014 11:42:38 -0700 Subject: [PATCH] shred: fix overflow checking of command-line options * src/shred.c (main): Limit -n (number of passes) value to ULONG_MAX, not to UINT32_MAX, since the vars are unsigned long. Limit the -s (file size) value to OFF_T_MAX. --- src/shred.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/shred.c b/src/shred.c index 607c6be159..f4347e002a 100644 --- a/src/shred.c +++ b/src/shred.c @@ -1231,7 +1231,7 @@ main (int argc, char **argv) { uintmax_t tmp; if (xstrtoumax (optarg, NULL, 10, &tmp, NULL) != LONGINT_OK - || MIN (UINT32_MAX, SIZE_MAX / sizeof (int)) < tmp) + || MIN (ULONG_MAX, SIZE_MAX / sizeof (int)) <= tmp) { error (EXIT_FAILURE, 0, _("%s: invalid number of passes"), quotearg_colon (optarg)); @@ -1256,9 +1256,10 @@ main (int argc, char **argv) case 's': { - uintmax_t tmp; - if (xstrtoumax (optarg, NULL, 0, &tmp, "cbBkKMGTPEZY0") - != LONGINT_OK) + intmax_t tmp; + if ((xstrtoimax (optarg, NULL, 0, &tmp, "cbBkKMGTPEZY0") + != LONGINT_OK) + || OFF_T_MAX < tmp) { error (EXIT_FAILURE, 0, _("%s: invalid file size"), quotearg_colon (optarg)); -- 2.47.2