Permalink
Browse files

Prevent integer overflow of very large escape sequence params. Fixes #…

  • Loading branch information...
1 parent b0e0577 commit 1cf12f9e9be14cbfce5362edab34d44154ed2c8e @keithw keithw committed May 16, 2012
Showing with 14 additions and 6 deletions.
  1. +14 −6 src/terminal/terminaldispatcher.cc
@@ -81,10 +81,16 @@ void Dispatcher::parse_params( void )
errno = 0;
char *endptr;
- int val = strtol( segment_begin, &endptr, 10 );
+ long val = strtol( segment_begin, &endptr, 10 );
if ( endptr == segment_begin ) {
val = -1;
}
+
+ if ( val > PARAM_MAX || errno == ERANGE ) {
+ val = -1;
+ errno = 0;
+ }
+
if ( errno == 0 || segment_begin == endptr ) {
parsed_params.push_back( val );
}
@@ -95,10 +101,16 @@ void Dispatcher::parse_params( void )
/* get last param */
errno = 0;
char *endptr;
- int val = strtol( segment_begin, &endptr, 10 );
+ long val = strtol( segment_begin, &endptr, 10 );
if ( endptr == segment_begin ) {
val = -1;
}
+
+ if ( val > PARAM_MAX || errno == ERANGE ) {
+ val = -1;
+ errno = 0;
+ }
+
if ( errno == 0 || segment_begin == endptr ) {
parsed_params.push_back( val );
}
@@ -117,10 +129,6 @@ int Dispatcher::getparam( size_t N, int defaultval )
ret = parsed_params[ N ];
}
- if ( ret > PARAM_MAX ) {
- ret = defaultval;
- }
-
if ( ret < 1 ) ret = defaultval;
return ret;

0 comments on commit 1cf12f9

Please sign in to comment.