Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2019-13445: potential integer overflow #1738

Closed
danielwangksu opened this issue Jul 2, 2019 · 0 comments · Fixed by #1741
Closed

CVE-2019-13445: potential integer overflow #1738

danielwangksu opened this issue Jul 2, 2019 · 0 comments · Fixed by #1741

Comments

@danielwangksu
Copy link
Contributor

Potentially overflowing expression "1048576 * S" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "uint64_t" (64 bits, unsigned).

opts.max_size = 1048576 * S;

To avoid overflow, cast either "1048576" or "S" to type "uint64_t".

@danielwangksu danielwangksu changed the title potential integer overflow CVE-2019-13445: potential integer overflow Jul 9, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant