(vasnprintf) [!USE_SNPRINTF]: Correct the test for integer overflow.

author: Jim Meyering <jim@meyering.net> 2005-02-07 16:49:58 +0000
committer: Jim Meyering <jim@meyering.net> 2005-02-07 16:49:58 +0000
commit: a8826c6e63d47c7ad12e52f4cdb628968bf95e68 (patch)
tree: 6a2bda2205635d49d7c2e40c3c87bc1bae3d8484 /lib
parent: c0756a37d4a16840eb2454748fad7ec9a1f7910e (diff)
download: coreutils-a8826c6e63d47c7ad12e52f4cdb628968bf95e68.tar.xz
1 files changed, 4 insertions, 3 deletions
diff --git a/lib/vasnprintf.c b/lib/vasnprintf.c
index d49bc559e..c4c166467 100644
--- a/lib/vasnprintf.c
+++ b/lib/vasnprintf.c
@@ -1,5 +1,5 @@
 /* vsprintf with automatic memory allocation.
-   Copyright (C) 1999, 2002-2004 Free Software Foundation, Inc.
+   Copyright (C) 1999, 2002-2005 Free Software Foundation, Inc.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -294,9 +294,10 @@ VASNPRINTF (CHAR_T *resultbuf, size_t *lengthp, const CHAR_T *format, va_list ar
 
 			  do
 			    {
-			      if (SIZE_MAX / 10 <= width)
+			      size_t w_tmp = width * 10 + (*digitp++ - '0');
+			      if (SIZE_MAX / 10 <= width || w_tmp < width)
 				goto out_of_memory;
-			      width = width * 10 + (*digitp++ - '0');
+			      width = w_tmp;
 			    }
 			  while (digitp != dp->width_end);
 			}
author	Jim Meyering <jim@meyering.net>	2005-02-07 16:49:58 +0000
committer	Jim Meyering <jim@meyering.net>	2005-02-07 16:49:58 +0000
commit	a8826c6e63d47c7ad12e52f4cdb628968bf95e68 (patch)
tree	6a2bda2205635d49d7c2e40c3c87bc1bae3d8484 /lib
parent	c0756a37d4a16840eb2454748fad7ec9a1f7910e (diff)
download	coreutils-a8826c6e63d47c7ad12e52f4cdb628968bf95e68.tar.xz