g_hostname_is_ip_address: detect integer overflow

Signed integer overflow is undefined behaviour, which the undefined behaviour sanitizer detects. Previously, if the compiler had implemented this in the obvious way (overflowing signed multiplication wraps around mod 2**32), we would have incorrectly classified addresses where one octet was, for example, (2**32 + 42) as valid IP addresses, by treating that octet as though it was 42. Signed-off-by: Simon McVittie <smcv@debian.org> Bug: https://bugzilla.gnome.org/show_bug.cgi?id=775510 Reviewed-by: Colin Walters
2025-07-13 05:56:59 +02:00 · 2016-12-02 10:13:00 +00:00
parent 1d697a5f30
commit 4496ef91b5
1 changed files with 6 additions and 1 deletions
--- a/glib/ghostutils.c
+++ b/glib/ghostutils.c
@ -785,7 +785,12 @@ g_hostname_is_ip_address (const gchar *hostname)
      else
        {
          for (end = p; g_ascii_isdigit (*end); end++)
-            octet = 10 * octet + (*end - '0');
+            {
+              octet = 10 * octet + (*end - '0');
+
+              if (octet > 255)
+                break;
+            }
        }
      if (end == p || end > p + 3 || octet > 255)
        return FALSE;