Avoid SIGFPE in wordexp [BZ #18100]

Check for a zero divisor and integer overflow before performing division in arithmetic expansion.
author: Florian Weimer <fweimer@redhat.com> 2015-03-23 16:12:38 +0100
committer: Florian Weimer <fweimer@redhat.com> 2015-03-23 16:12:38 +0100
commit: 2b028564f14d20cdda0c00d8ba100695b40501f5 (patch)
tree: 46699eeec32449e0894c69d8d39c30c39e6d1c63 /posix/wordexp.c
parent: 59261ad3eb345e0d7b9f5c73e1a09d046991cea5 (diff)
download: glibc-2b028564f14d20cdda0c00d8ba100695b40501f5.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/posix/wordexp.c b/posix/wordexp.c
index f6062d58c8..e711d43355 100644
--- a/posix/wordexp.c
+++ b/posix/wordexp.c
@@ -617,6 +617,10 @@ eval_expr_multdiv (char **expr, long int *result)
 	  if (eval_expr_val (expr, &arg) != 0)
 	    return WRDE_SYNTAX;
 
+	  /* Division by zero or integer overflow.  */
+	  if (arg == 0 || (arg == -1 && *result == LONG_MIN))
+	    return WRDE_SYNTAX;
+
 	  *result /= arg;
 	}
       else break;
author	Florian Weimer <fweimer@redhat.com>	2015-03-23 16:12:38 +0100
committer	Florian Weimer <fweimer@redhat.com>	2015-03-23 16:12:38 +0100
commit	2b028564f14d20cdda0c00d8ba100695b40501f5 (patch)
tree	46699eeec32449e0894c69d8d39c30c39e6d1c63 /posix/wordexp.c
parent	59261ad3eb345e0d7b9f5c73e1a09d046991cea5 (diff)
download	glibc-2b028564f14d20cdda0c00d8ba100695b40501f5.tar.gz