host: str2uint sample count overflow fix

Result of val*mult would be casted to unsigned int before min/max boundary check allowing for overflows to occur. Fixes #941
Nuand · Sep 18, 2023 · 3150da9 · 3150da9
1 parent cf181d0
commit 3150da9
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/host/common/src/conversions.c b/host/common/src/conversions.c
@@ -637,7 +637,6 @@ unsigned int str2uint_suffix(const char *str,
                              bool *ok)
 {
     uint64_t mult;
-    unsigned int rv;
     double val;
     char *optr;
 
@@ -658,14 +657,15 @@ unsigned int str2uint_suffix(const char *str,
     if (!*ok)
         return false;
 
-    rv = (unsigned int)(val * mult);
+    if (val*mult > max) {
+        return max;
+    }
 
-    if (rv >= min && rv <= max) {
-        return rv;
+    if (val*mult < min) {
+        return min;
     }
 
-    *ok = false;
-    return 0;
+    return (unsigned int)(val * mult);
 }
 
 uint64_t str2uint64_suffix(const char *str,