[src/trunk]: src/lib/libc/gen PR/44097: Yamamoto Takashi: Prevent overflow.

[christos <christos%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/56c17a5df957
branches:  trunk
changeset: 778137:56c17a5df957
user:      christos <christos%NetBSD.org@localhost>
date:      Sat Mar 17 20:01:14 2012 +0000

description:
PR/44097: Yamamoto Takashi: Prevent overflow.

diffstat:

 lib/libc/gen/humanize_number.c |  22 +++++++++++++++++-----
 1 files changed, 17 insertions(+), 5 deletions(-)

diffs (61 lines):

diff -r 49506d1a46ef -r 56c17a5df957 lib/libc/gen/humanize_number.c
--- a/lib/libc/gen/humanize_number.c    Sat Mar 17 19:57:14 2012 +0000
+++ b/lib/libc/gen/humanize_number.c    Sat Mar 17 20:01:14 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: humanize_number.c,v 1.15 2012/03/13 21:13:36 christos Exp $    */
+/*     $NetBSD: humanize_number.c,v 1.16 2012/03/17 20:01:14 christos Exp $    */
 
 /*
  * Copyright (c) 1997, 1998, 1999, 2002 The NetBSD Foundation, Inc.
@@ -32,7 +32,7 @@
 
 #include <sys/cdefs.h>
 #if defined(LIBC_SCCS) && !defined(lint)
-__RCSID("$NetBSD: humanize_number.c,v 1.15 2012/03/13 21:13:36 christos Exp $");
+__RCSID("$NetBSD: humanize_number.c,v 1.16 2012/03/17 20:01:14 christos Exp $");
 #endif /* LIBC_SCCS and not lint */
 
 #include "namespace.h"
@@ -49,7 +49,7 @@
 {
        const char *prefixes, *sep;
        int     b, r, s1, s2, sign;
-       int64_t divisor, max;
+       int64_t divisor, max, post = 1;
        size_t  i, baselen, maxscale;
 
        _DIAGASSERT(buf != NULL);
@@ -89,12 +89,23 @@
                buf[0] = '\0';
        if (bytes < 0) {
                sign = -1;
-               bytes *= -100;
                baselen = 3;            /* sign, digit, prefix */
+               if (-bytes < INT64_MAX / 100)
+                       bytes *= -100;
+               else {
+                       bytes = -bytes;
+                       post = 100;
+                       baselen += 2;
+               }
        } else {
                sign = 1;
-               bytes *= 100;
                baselen = 2;            /* digit, prefix */
+               if (bytes < INT64_MAX / 100)
+                       bytes *= 100;
+               else {
+                       post = 100;
+                       baselen += 2;
+               }
        }
        if (flags & HN_NOSPACE)
                sep = "";
@@ -128,6 +139,7 @@
        } else
                for (i = 0; i < (size_t)scale && i < maxscale; i++)
                        bytes /= divisor;
+       bytes *= post;
 
        /* If a value <= 9.9 after rounding and ... */
        if (bytes < 995 && i > 0 && flags & HN_DECIMAL) {