From: Jim Meyering <jim@meyering.net>
Date: Tue, 11 Jan 2005 16:54:02 +0000 (+0000)
Subject: (main): Check for overflow in tabstop values
X-Git-Tag: CPPI-1_12~1632
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c8756077c3981f77b5cb1c24b98568fd74d4a310;p=thirdparty%2Fcoreutils.git

(main): Check for overflow in tabstop values
specified via the obsolete form.  E.g., now this command fails:
_POSIX2_VERSION=1 ./expand -$(echo '2^64+1'|bc)
Before it would act like `_POSIX2_VERSION=1 ./expand -1'.
---

diff --git a/src/expand.c b/src/expand.c
index e3584601a3..5ea16c07e8 100644
--- a/src/expand.c
+++ b/src/expand.c
@@ -1,5 +1,5 @@
 /* expand - convert tabs to spaces
-   Copyright (C) 89, 91, 1995-2004 Free Software Foundation, Inc.
+   Copyright (C) 89, 91, 1995-2005 Free Software Foundation, Inc.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -420,7 +420,12 @@ main (int argc, char **argv)
 	      tabval = 0;
 	      have_tabval = true;
 	    }
-	  tabval = tabval * 10 + c - '0';
+	  {
+	    uintmax_t new_t = tabval * 10 + c - '0';
+	    if (UINTMAX_MAX / 10 < tabval || new_t < tabval * 10)
+	      error (EXIT_FAILURE, 0, _("tab stop value is too large"));
+	    tabval = new_t;
+	  }
 	  obsolete_tablist = true;
 	  break;
 	}