diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-01-13 11:56:51 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-01-13 11:58:47 +0100 |
commit | c14455b2d72e248190e8f13810e0aa25a36166af (patch) | |
tree | 746c4da73e5f934e983089de0ebf638003ea9341 | |
parent | d3fd77835c069f1dacce0bb665af5db4155f125c (diff) | |
download | libtasn1-c14455b2d72e248190e8f13810e0aa25a36166af.tar.gz |
_asn1_ltostr: ensure that input value will always be printed
That is, use an unsigned type to store the output of the negation
(in case the input is negative).
This addresses the issue found in PKCS#7 decoding:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=388
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/parser_aux.c | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/lib/parser_aux.c b/lib/parser_aux.c index cfd76e0..7313eeb 100644 --- a/lib/parser_aux.c +++ b/lib/parser_aux.c @@ -551,29 +551,33 @@ _asn1_delete_list_and_nodes (void) char * _asn1_ltostr (int64_t v, char str[LTOSTR_MAX_SIZE]) { - int64_t d, r; + uint64_t d, r; char temp[LTOSTR_MAX_SIZE]; int count, k, start; + uint64_t val; if (v < 0) { str[0] = '-'; start = 1; - v = -v; + val = -v; } else - start = 0; + { + val = v; + start = 0; + } count = 0; do { - d = v / 10; - r = v - d * 10; + d = val / 10; + r = val - d * 10; temp[start + count] = '0' + (char) r; count++; - v = d; + val = d; } - while (v && ((start+count) < LTOSTR_MAX_SIZE-1)); + while (val && ((start+count) < LTOSTR_MAX_SIZE-1)); for (k = 0; k < count; k++) str[k + start] = temp[start + count - k - 1]; |