Skip to content

Commit

Permalink
Fixed ubsan warning in gzfread due to size_t overflow. madler#783
Browse files Browse the repository at this point in the history 
gzread.c:398:18: runtime error: unsigned integer overflow: 2 * 18446744073709551615 cannot be represented in type 'unsigned long'
    #0 0x10009d31e in zng_gzfread gzread.c:398
    madler#1 0x100005b1a in test_gzio example.c:213
    madler#2 0x10001093b in main example.c:1034
    madler#3 0x7fff71f57cc8 in start+0x0 (libdyld.dylib:x86_64+0x1acc8)
  • Loading branch information
@nmoinvaz @Dead2
nmoinvaz authored and Dead2 committed Nov 2, 2020
1 parent 5cdd9bc commit 48c0891
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions gzread.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -395,11 +395,11 @@ size_t Z_EXPORT PREFIX(gzfread)(void *buf, size_t size, size_t nitems, gzFile fi
return 0;

/* compute bytes to read -- error on overflow */
len = nitems * size;
if (size && len / size != nitems) {
if (size && SIZE_MAX / size < nitems) {
gz_error(state, Z_STREAM_ERROR, "request does not fit in a size_t");
return 0;
}
len = nitems * size;

/* read len or fewer bytes to buf, return the number of full items read */
return len ? gz_read(state, buf, len) / size : 0;
Expand Down

0 comments on commit 48c0891

Please sign in to comment.