diff options
Diffstat (limited to 'system/curl/curl-do-bounds-check-using-a-double-comparison.patch')
-rw-r--r-- | system/curl/curl-do-bounds-check-using-a-double-comparison.patch | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/system/curl/curl-do-bounds-check-using-a-double-comparison.patch b/system/curl/curl-do-bounds-check-using-a-double-comparison.patch new file mode 100644 index 000000000..34e2b6c71 --- /dev/null +++ b/system/curl/curl-do-bounds-check-using-a-double-comparison.patch @@ -0,0 +1,32 @@ +From 45a560390c4356bcb81d933bbbb229c8ea2acb63 Mon Sep 17 00:00:00 2001 +From: Adam Sampson <ats@offog.org> +Date: Wed, 9 Aug 2017 14:11:17 +0100 +Subject: [PATCH] curl: do bounds check using a double comparison + +The fix for this in 8661a0aacc01492e0436275ff36a21734f2541bb wasn't +complete: if the parsed number in num is larger than will fit in a long, +the conversion is undefined behaviour (causing test1427 to fail for me +on IA32 with GCC 7.1, although it passes on AMD64 and ARMv7). Getting +rid of the cast means the comparison will be done using doubles. + +It might make more sense for the max argument to also be a double... + +Fixes #1750 +Closes #1749 +--- + src/tool_paramhlp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c +index b9dedc989e..85c5e79a7e 100644 +--- a/src/tool_paramhlp.c ++++ b/src/tool_paramhlp.c +@@ -218,7 +218,7 @@ static ParameterError str2double(double *val, const char *str, long max) + num = strtod(str, &endptr); + if(errno == ERANGE) + return PARAM_NUMBER_TOO_LARGE; +- if((long)num > max) { ++ if(num > max) { + /* too large */ + return PARAM_NUMBER_TOO_LARGE; + } |