Re: wget | Subject: [PATCH] avoid triggering signed integer overflow (!1
From: Tim Rühsen
Subject: Re: wget | Subject: [PATCH] avoid triggering signed integer overflow (!13)
Date: Mon, 28 Dec 2020 18:01:56 +0000
Tim Rühsen commented on a discussion on src/html-url.c:
https://gitlab.com/gnuwget/wget/-/merge_requests/13#note_474758454
> return;
>
> for (p = refresh; c_isdigit (*p); p++)
> - timeout = 10 * timeout + *p - '0';
> + {
> + if (timeout > INT_MAX >> 4 || *p - '0' > INT_MAX - 10 * timeout)
> + return;
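Review bot: In the guard on the added if line, the second test can never fire and the first is stricter than it needs to be. Once timeout > INT_MAX >> 4 is false, 10 * timeout is at most about five eighths of INT_MAX, so INT_MAX - 10 * timeout is far larger than any single digit and *p - '0' > INT_MAX - 10 * timeout is always false; at the same time, values between INT_MAX / 16 and INT_MAX / 10 are rejected although accumulating another digit would not overflow. A single exact test, timeout > (INT_MAX - (*p - '0')) / 10, covers the case precisely and evaluates nothing that can itself overflow. A one-line comment saying that an out-of-range refresh value makes the function return early would also help the next reader.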
From what I can see in the code, the timeout value is only used via %d to
reconstruct the refresh meta tag. So it would even be better to extract the
string as is instead of converting string->value->string.