From a9ede822da1075573525f9b2b87b8365c32b3b67 Mon Sep 17 00:00:00 2001
From: Peter Krempa
Date: Mon, 9 Sep 2024 16:46:08 +0200
Subject: [PATCH] virconf: Properly fix numeric overflow when parsing numbers in conf files

The previous fix didn't check the overflow in addition. Use the new macro to check both multiplication and addition overflows.

Fixes: 8666523b7d0891c38a7c9c138c4cc318eddfefeb
Closes: https://gitlab.com/libvirt/libvirt/-/issues/671
Signed-off-by: Peter Krempa
Reviewed-by: Pavel Hrdina
---
 src/util/virconf.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/util/virconf.c b/src/util/virconf.c
index da07af178d..66b3e0482e 100644
--- a/src/util/virconf.c
+++ b/src/util/virconf.c
@@ -347,13 +347,15 @@ virConfParseLong(virConfParserCtxt *ctxt, long long *val)
 return -1;
 }
 while ((ctxt->cur < ctxt->end) && (g_ascii_isdigit(CUR))) {
- if (l > LLONG_MAX / 10) {
+ long long c = (CUR - '0');
+
+ if (VIR_MULTIPLY_ADD_IS_OVERFLOW(LLONG_MAX, l, 10, c)) {
 virConfError(ctxt, VIR_ERR_OVERFLOW, _("numeric overflow in conf value"));
 return -1;
 }
- l = l * 10 + (CUR - '0');
+ l = l * 10 + c;
 NEXT;
 }
 if (neg)
-- 
2.47.2
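Review bot: The new check in the `while` loop caps the accumulated magnitude at `LLONG_MAX` before the sign is applied, so a conf value equal to `LLONG_MIN` would presumably be reported as "numeric overflow in conf value" although it fits in `long long`; that errs on the safe side, but it should be stated next to the check, e.g. `/* magnitude is capped at LLONG_MAX so negating it below cannot overflow; LLONG_MIN is therefore rejected */`. This is inferred from the accumulate-then-negate shape, because virConfParseLong starts and ends outside the hunk and only `if (neg)` is visible. `VIR_MULTIPLY_ADD_IS_OVERFLOW` is defined outside this patch, so its argument order and how often it evaluates its arguments cannot be confirmed here; hoisting `CUR - '0'` into `c` at least keeps every argument free of side effects. Since this is the second fix for the same parse path and the diffstat touches only `src/util/virconf.c`, a regression test covering the values at and just past `LLONG_MAX`, with and without a leading `-`, would pin both the multiplication and the addition case.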