From: Jim Meyering <jim@meyering.net>
Date: Mon, 7 Feb 2005 16:49:58 +0000 (+0000)
Subject: (vasnprintf) [!USE_SNPRINTF]: Correct the test for integer overflow.
X-Git-Tag: CPPI-1_12~1494
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a8826c6e63d47c7ad12e52f4cdb628968bf95e68;p=thirdparty%2Fcoreutils.git

(vasnprintf) [!USE_SNPRINTF]: Correct the test for integer overflow.
---

diff --git a/lib/vasnprintf.c b/lib/vasnprintf.c
index d49bc559e9..c4c1664670 100644
--- a/lib/vasnprintf.c
+++ b/lib/vasnprintf.c
@@ -1,5 +1,5 @@
 /* vsprintf with automatic memory allocation.
-   Copyright (C) 1999, 2002-2004 Free Software Foundation, Inc.
+   Copyright (C) 1999, 2002-2005 Free Software Foundation, Inc.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -294,9 +294,10 @@ VASNPRINTF (CHAR_T *resultbuf, size_t *lengthp, const CHAR_T *format, va_list ar
 
 			  do
 			    {
-			      if (SIZE_MAX / 10 <= width)
+			      size_t w_tmp = width * 10 + (*digitp++ - '0');
+			      if (SIZE_MAX / 10 <= width || w_tmp < width)
 				goto out_of_memory;
-			      width = width * 10 + (*digitp++ - '0');
+			      width = w_tmp;
 			    }
 			  while (digitp != dp->width_end);
 			}