Prevent an overflow when trying to print excessively big floats

We convert the integer part of the float to a long. We should check it
fits first.

Issue reported by Guido Vranken.

GitHub Issue #1102

Reviewed-by: Richard Levitte <levitte@openssl.org>

diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c
index 36400cda5e9deff690878fdfcf18fab56240e82a..d52ad7cdf5befcafc832b4d1380314333177f1b8 100644 (file)
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -561,9 +561,9 @@ fmtfp(char **sbuffer,
     int padlen = 0;
     int zpadlen = 0;
     long exp = 0;
-    long intpart;
-    long fracpart;
-    long max10;
+    unsigned long intpart;
+    unsigned long fracpart;
+    unsigned long max10;
     int realstyle;
 
     if (max < 0)
@@ -638,7 +638,11 @@ fmtfp(char **sbuffer,
             fvalue = tmpvalue;
     }
     ufvalue = abs_val(fvalue);
-    intpart = (long)ufvalue;
+    if (ufvalue > ULONG_MAX) {
+        /* Number too big */
+        return 0;
+    }
+    intpart = (unsigned long)ufvalue;
 
     /*
      * sorry, we only support 9 digits past the decimal because of our