Skip to content

Commit

Permalink
fix(demangle): prevent signed integer overflow
Browse files Browse the repository at this point in the history
  • Loading branch information
sergiud committed Oct 5, 2023
1 parent 27bf2b2 commit 4b7b8d3
Showing 1 changed file with 16 additions and 1 deletion.
17 changes: 16 additions & 1 deletion src/demangle.cc
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@
#include "demangle.h"

#include <cstdio> // for nullptr
#include <limits>

#include "utilities.h"

Expand Down Expand Up @@ -592,9 +593,23 @@ static bool ParseNumber(State *state, int *number_out) {
}
const char *p = state->mangled_cur;
int number = 0;
constexpr int int_max_by_10 = std::numeric_limits<int>::max() / 10;
for (;*p != '\0'; ++p) {
if (IsDigit(*p)) {
number = number * 10 + (*p - '0');
// Prevent signed integer overflow when multiplying
if (number > int_max_by_10) {
return false;
}

const int digit = *p - '0';
const int shifted = number * 10;

// Prevent signed integer overflow when summing
if (digit > std::numeric_limits<int>::max() - shifted) {
return false;
}

number = shifted + digit;
} else {
break;
}
Expand Down

0 comments on commit 4b7b8d3

Please sign in to comment.