sys-freebsd/freebsd-lib/files/freebsd-lib-7.0-CVE-2008-1391.patch


1
2
3
4
5
6
7
8
9
10
11

--- lib/libc/stdlib/strfmon.c	2008/04/22 13:23:34
+++ lib/libc/stdlib/strfmon.c	2008/04/24 07:49:00
@@ -65,6 +65,8 @@
 #define GET_NUMBER(VAR)	do {					\
 	VAR = 0;						\
 	while (isdigit((unsigned char)*fmt)) {			\
+		if (VAR > INT_MAX / 10)				\
+			goto e2big_error;			\
 		VAR *= 10;					\
 		VAR += *fmt - '0';				\
 		if (VAR < 0)					\