From: Friedrich Beckmann Date: Mon, 17 Aug 2020 09:52:47 +0000 (+0200) Subject: fixed range check in parse_record_placement (32Bit/64Bit issue) #58968 X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b296fba9a10d7a3e8ff1bbcac26b449e8bc31983;p=pspp fixed range check in parse_record_placement (32Bit/64Bit issue) #58968 The regression failed for test "lexer crash due to overflow" (403) on i386 architecture. The reason is that long is 64Bit on amd64 while it is 32Bit on i386. The code used long as type that can hold larger values than int which does not work on 32Bit systems. The change keeps the value as double as long as the range checks are done. see: https://savannah.gnu.org/bugs/?58968 --- diff --git a/src/language/data-io/placement-parser.c b/src/language/data-io/placement-parser.c index 671933382a..66aefbff9d 100644 --- a/src/language/data-io/placement-parser.c +++ b/src/language/data-io/placement-parser.c @@ -399,16 +399,18 @@ parse_record_placement (struct lexer *lexer, int *record, int *column) { while (lex_match (lexer, T_SLASH)) { - if (lex_is_integer (lexer)) + if (lex_is_number (lexer)) { - long n = lex_integer (lexer); - if (n <= *record || n > INT_MAX) + double orignum = lex_number (lexer); + long n = (lex_is_integer (lexer)?lex_integer (lexer):*record); + bool out_of_range = orignum > INT_MAX || orignum < INT_MIN; + if (n <= *record || out_of_range) { - msg (SE, _("The record number specified, %ld, is at or " + msg (SE, _("The record number specified, %.0f, is at or " "before the previous record, %d. Data " "fields must be listed in order of " "increasing record number."), - n, *record); + orignum, *record); return false; } *record = n;