From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=DKIM_ADSP_CUSTOM_MED, DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FROM,HTML_MESSAGE,MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 20565 invoked from network); 1 Dec 2023 05:09:20 -0000 Received: from second.openwall.net (193.110.157.125) by inbox.vuxu.org with ESMTPUTF8; 1 Dec 2023 05:09:20 -0000 Received: (qmail 1852 invoked by uid 550); 1 Dec 2023 05:09:13 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: musl@lists.openwall.com Received: (qmail 1814 invoked from network); 1 Dec 2023 05:09:13 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1701407346; x=1702012146; darn=lists.openwall.com; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=xE4xVlGiMe+G+vQ1yzskcFd9XDZ/mG1zReOJwl5ego4=; b=FuribalYx1UAiDdt9eJ/W42osKbgjjHknHAantVqGwrfVHVDWciHEzckF5Z/CgZAEO vaJkqsGv1lO6fBJMKflniyFQUQFyhNTV/V9u2Ggib9f9acvCrBPuY/RRORGfb2d+eMSk AiU6BJDcCfcqJZYDya/tMPhxmM/aexku8RHqyB65A0+GPzpeWDvcLWpCD0d/prNnlL+D RHHke5Q7g1ZAEXPodGP1gzZVBWrD4APg2YCHV5sFtdrkKB73mKmTlIGxnWgKN0f3bjnk dIBoN0LaXUWCn6hCtpeYQUyQcqEh67L1IfpE71qlmAhuj7HY6zeQ2Ug+EfThrUDqLcW0 QtNQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701407346; x=1702012146; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=xE4xVlGiMe+G+vQ1yzskcFd9XDZ/mG1zReOJwl5ego4=; b=fFGXqZ7cAidnPl/ZC6r61e7b6uOS8h+HLmR+EK9lAniyHI7SoFzK86zsRYdWyCirjC ERtPZR9NX3dQ+eDvPU1dHm6B3xnQMf0+7++hic37s6XxITt3h4a2RS4z7XK12e5ozQqP 9MNY79fVRC9umGXqJi1b46aBcM68qDNPl9Wx/zco1aJOz44/lJ2PC4VZ6wrEESG4EcWo rQIhwBpzeZPFgE2d+xmsFT799xiHV3NDY/1jOYL7ADLqoTDytzlzN4tO8SkwGbeyAdgT DMo0DG5JHcZi4ecBSNojVzDjiI7vMtRDW3HmKCIcJGpnH6uBIbUbyJyBQeE32XkRx8nz kGrw== X-Gm-Message-State: AOJu0Yzf6G87PfwUy8qz0f8mE0MEG4mbALblg2ohpMZYkly6O+Kb81BX 9eIueYUQDqpmxpyNogiCypR4UgMqlnSDrle37Gy86K//G3T5gw== X-Google-Smtp-Source: AGHT+IEM3M1aWoEX+evV0d2L5rqEihwebTbDfJ9dXIyKMgx17OEDEXOFztYhEjGr/n3NPJEP4wn+0fIk5BMr98FMO7c= X-Received: by 2002:a17:906:7182:b0:a19:a19b:560b with SMTP id h2-20020a170906718200b00a19a19b560bmr346211ejk.155.1701407345620; Thu, 30 Nov 2023 21:09:05 -0800 (PST) MIME-Version: 1.0 From: Anuraag Agrawal Date: Fri, 1 Dec 2023 14:08:54 +0900 Message-ID: To: musl@lists.openwall.com Content-Type: multipart/alternative; boundary="0000000000007439ac060b6bc421" Subject: [musl] Large overflow in __intscan ignored --0000000000007439ac060b6bc421 Content-Type: text/plain; charset="UTF-8" Currently, __intscan, used by functions like strtol, does not seem to check for overflow during multiplication. https://git.musl-libc.org/cgit/musl/tree/src/internal/intscan.c#n69 It at the end checks against the limit, e.g. the size of a long https://git.musl-libc.org/cgit/musl/tree/src/internal/intscan.c#n90 However, if the value overflows and ends up in the range of the limit, errno will not be set. It seems that each multiplication operation needs to be checking for overflow and return errno if it ever happens. --0000000000007439ac060b6bc421 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Currently, __intscan, used by functions like strtol, does = not seem to check for overflow during multiplication.

https://git.musl-libc.org/cgit/musl/tree/src/internal/intscan.c#n69<= br>

It at the end checks against the limit, e.g. t= he size of a long


H= owever, if the value overflows and ends up in the range of the=C2=A0limit, = errno will not be set. It seems that each multiplication operation needs to= be checking for overflow and return errno if it ever happens.
--0000000000007439ac060b6bc421--