Commit 1b62d880 authored by Matt Caswell's avatar Matt Caswell
Browse files

Prevent an overflow when trying to print excessively big floats 



We convert the integer part of the float to a long. We should check it
fits first.

Issue reported by Guido Vranken.

GitHub Issue #1102

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
parent d6056f08

crypto/bio/b_print.c

+8 −4
Original line number Diff line number Diff line
@@ -561,9 +561,9 @@ fmtfp(char **sbuffer, 
    int padlen = 0;

    int zpadlen = 0;

    long exp = 0;

    long intpart;

    long fracpart;

    long max10;

    unsigned long intpart;

    unsigned long fracpart;

    unsigned long max10;

    int realstyle;



    if (max < 0)
@@ -638,7 +638,11 @@ fmtfp(char **sbuffer, 
            fvalue = tmpvalue;

    }

    ufvalue = abs_val(fvalue);

    intpart = (long)ufvalue;

    if (ufvalue > ULONG_MAX) {

        /* Number too big */

        return 0;

    }

    intpart = (unsigned long)ufvalue;



    /*

     * sorry, we only support 9 digits past the decimal because of our