From: Florian Weimer
To: Andreas Schwab
Cc: libc-alpha@sourceware.org
Subject: Re: [PATCH] wordexp: handle overflow in positional parameter number (bug 28011)
Date: Sun, 27 Jun 2021 17:41:48 +0200

* Andreas Schwab:

> Use strtoul instead of atoi so that overflow can be detected. > --- > posix/wordexp-test.c | 1 + > posix/wordexp.c | 2 +- > 2 files changed, 2 insertions(+), 1 deletion(-) > > diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c > index f93a546d7e..9df02dbbb3 100644 > --- a/posix/wordexp-test.c > +++ b/posix/wordexp-test.c > @@ -183,6 +183,7 @@ struct test_case_struct > { 0, NULL, "$var", 0, 0, { NULL, }, IFS }, > { 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS }, > { 0, NULL, "", 0, 0, { NULL, }, IFS }, > + { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS }, > > /* Flags not already covered (testit() has special handling for these) */ > { 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS },
> diff --git a/posix/wordexp.c b/posix/wordexp.c > index bcbe96e48d..1f3b09f721 100644 > --- a/posix/wordexp.c > +++ b/posix/wordexp.c > @@ -1399,7 +1399,7 @@ envsubst: > /* Is it a numeric parameter? */ > else if (isdigit (env[0])) > { > - int n = atoi (env); > + unsigned long n = strtoul (env, NULL, 10); > > if (n >= __libc_argc) > /* Substitute NULL. */

Looks reasonable. The issue is that n as computed happens to be negative, right?

Thanks,
Florian
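
Review bot: the single test row added in the posix/wordexp-test.c hunk, "${1234567890123456789012}", uses a 22-digit number that is out of range for unsigned long on both 32-bit and 64-bit targets, so it only exercises the case where strtoul saturates. Consider adding a second row with a value that overflows int but still fits in unsigned long, such as "${2147483648}", with the same expected result of zero words, so that the range the old atoi call could not represent is covered as well.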
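
Review bot: in the posix/wordexp.c hunk, the new `strtoul (env, NULL, 10)` call does not check errno for ERANGE, so the overflow named in the commit message is caught only implicitly: strtoul returns ULONG_MAX on overflow and that value then satisfies `n >= __libc_argc`. A one-line comment above the comparison saying the code relies on that saturation would make the intent clear. The comparison also now mixes an unsigned long with __libc_argc, whose declaration is not visible in the hunk; if it is a signed int, an explicit cast or a note that it is never negative would show the conversion is deliberate.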