Skip to content

Commit

Permalink
Fix arithmetic expression overflow
Browse files Browse the repository at this point in the history 
If the value of a->length is large (>= 2^12), then an integer overflow will
occur for the signed type, which according to the C standard is UB.

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from #23274)

(cherry picked from commit 486ab0f)
  • Loading branch information
@JohnnySavages @t8m
JohnnySavages authored and t8m committed Jan 15, 2024
1 parent 29463f1 commit 60dc128
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion crypto/objects/obj_dat.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -136,7 +136,7 @@ static unsigned long added_obj_hash(const ADDED_OBJ *ca)
a = ca->obj;
switch (ca->type) {
case ADDED_DATA:
ret = a->length << 20L;
ret = (unsigned long)a->length << 20UL;
p = (unsigned char *)a->data;
for (i = 0; i < a->length; i++)
ret ^= p[i] << ((i * 3) % 24);
Expand Down

0 comments on commit 60dc128

Please sign in to comment.