From: Matt Caswell Date: Wed, 25 May 2016 15:20:48 +0000 (+0100) Subject: Prevent an overflow when trying to print excessively big floats X-Git-Tag: OpenSSL_1_1_0-pre6~687 X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=1b62d880b5190de8c49a01837d96501cecf2a111;ds=sidebyside Prevent an overflow when trying to print excessively big floats We convert the integer part of the float to a long. We should check it fits first. Issue reported by Guido Vranken. GitHub Issue #1102 Reviewed-by: Richard Levitte --- diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index 36400cda5e..d52ad7cdf5 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -561,9 +561,9 @@ fmtfp(char **sbuffer, int padlen = 0; int zpadlen = 0; long exp = 0; - long intpart; - long fracpart; - long max10; + unsigned long intpart; + unsigned long fracpart; + unsigned long max10; int realstyle; if (max < 0) @@ -638,7 +638,11 @@ fmtfp(char **sbuffer, fvalue = tmpvalue; } ufvalue = abs_val(fvalue); - intpart = (long)ufvalue; + if (ufvalue > ULONG_MAX) { + /* Number too big */ + return 0; + } + intpart = (unsigned long)ufvalue; /* * sorry, we only support 9 digits past the decimal because of our
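Review bot: in the declarations hunk (@@ -561,9 +561,9 @@), `intpart`, `fracpart` and `max10` become `unsigned long` while `long exp` next to them stays signed, and none of the code that consumes these three variables is visible in the patch. Please confirm that every later use in fmtfp (comparisons, subtractions, and any hand-off to a helper that takes a signed long) still behaves as intended with unsigned operands, since a test for a negative value or a signed/unsigned comparison would silently change meaning. A short comment on why these are unsigned would make the intent clear to the next reader.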
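Review bot: in the range-check hunk (@@ -638,7 +638,11 @@), the guard `if (ufvalue > ULONG_MAX)` does not exclude every value for which the cast `(unsigned long)ufvalue` is out of range. Where unsigned long is 64 bits and the comparison is carried out in double precision, ULONG_MAX is not exactly representable and converts up to 2^64, so a ufvalue of exactly 2^64 passes the `>` test and the conversion that follows is undefined behaviour. A NaN also compares false and reaches the cast. Suggest comparing with `>=` against a bound that is exactly representable in the floating type, and rejecting NaN explicitly. The `/* Number too big */` comment could also say what `return 0` means to the caller, since the hunk does not show how fmtfp's return value is checked.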