Kwarde/klibc
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases Wiki Activity

atoi: Possible buffer overflow #2

New Issue
Open
opened 2025-07-20 12:47:45 +02:00 by Kwarde · 2 comments
Kwarde commented 2025-07-20 12:47:45 +02:00
Owner
Copy Link

Assure this can't happen by checking max length:

  • Maximum length of max uint64 = 20 (18.446.744.073.709.551.615)
  • Maximum length of min int64 = 20 (-9.223.372.036.854.775.808)
  • Maximum length of hexadecimal number = 16 ([0x]FFFFFFFFFFFFFFFF)
  • Maximum length of binary number = 64 ([0b]1111111111111111111111111111111111111111111111)
  • Maximum length of octal number = 22 ([0o]1777777777777777777777)

If length calculated in .getLenLoop exceeds that, return 0

Assure this can't happen by checking max length: - Maximum length of max uint64 = 20 (18.446.744.073.709.551.615) - Maximum length of min int64 = 20 (-9.223.372.036.854.775.808) - Maximum length of hexadecimal number = 16 ([0x]FFFFFFFFFFFFFFFF) - Maximum length of binary number = 64 ([0b]1111111111111111111111111111111111111111111111) - Maximum length of octal number = 22 ([0o]1777777777777777777777) If length calculated in `.getLenLoop` exceeds that, return 0
Kwarde commented 2025-07-20 23:07:56 +02:00
Author
Owner
Copy Link

Hmmm, bad idea (turned out after implementation+tests).
during the first test I made a typo: 18.446.744.073.709.551.615 => 1844674407[4]709551615
Realized while typing that that the code would still assume it to be valid while it is not.

So somehow gotta do during calculations instead.

Hmmm, bad idea (turned out after implementation+tests). during the first test I made a typo: `18.446.744.073.709.551.615` => `1844674407[4]709551615` Realized while typing that that the code would still assume it to be valid while it is not. So somehow gotta do during calculations instead.
Kwarde commented 2025-07-22 06:47:36 +02:00
Author
Owner
Copy Link

Partially fixed; d15ed616e9
Guarded against unsigned overflows, todo now is checking if below min signed or above max signed

Partially fixed; https://git.kwarde.com/Kwarde/klibc/commit/d15ed616e91b1d0c24aa6ee2405c9d8607cc8d1c Guarded against unsigned overflows, todo now is checking if below min signed or above max signed
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
Kwarde
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Kwarde/klibc#2
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?