From 4b7b8d3d048e5195dd1660c2f35bc808d564f180 Mon Sep 17 00:00:00 2001 From: Sergiu Deitsch Date: Thu, 5 Oct 2023 23:17:57 +0200 Subject: [PATCH] fix(demangle): prevent signed integer overflow --- src/demangle.cc | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/src/demangle.cc b/src/demangle.cc index 3dde4a63e..1310c3b3f 100644 --- a/src/demangle.cc +++ b/src/demangle.cc @@ -37,6 +37,7 @@ #include "demangle.h" #include // for nullptr +#include #include "utilities.h" @@ -592,9 +593,23 @@ static bool ParseNumber(State *state, int *number_out) { } const char *p = state->mangled_cur; int number = 0; + constexpr int int_max_by_10 = std::numeric_limits::max() / 10; for (;*p != '\0'; ++p) { if (IsDigit(*p)) { - number = number * 10 + (*p - '0'); + // Prevent signed integer overflow when multiplying + if (number > int_max_by_10) { + return false; + } + + const int digit = *p - '0'; + const int shifted = number * 10; + + // Prevent signed integer overflow when summing + if (digit > std::numeric_limits::max() - shifted) { + return false; + } + + number = shifted + digit; } else { break; }