Re: [PATCH] Re: [Exim] negative integer options gone in 4.20…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Torsten Luettgert
Datum:  
To: exim-users
Betreff: Re: [PATCH] Re: [Exim] negative integer options gone in 4.20, causing some grief
On Fri, 2003-07-11 at 15:11, Michael Haardt via COM.BOX TEMA wrote:
> Just thinking about it: Does the assumption of value < 0 indicating
> overflow always hold?


No, in fact it doesn't. You're right.
Take, for example, 2^30 * 1024. The result is 2^40 (2^30 * 2^10).
A 4-byte-integer has only 32 bits, so the result is saved modulo
2^32, making it 0.

I gave it another try, keeping that in mind:

  if (tolower(s[count]) == 'k') {
    if( value > INT_MAX/1024 || value < INT_MIN/1024 )
       log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN,
           "integer \"%s\" is too large (overflow)", s);
    value *= 1024; ++count;
  }else if (tolower(s[count]) == 'm') {
    if( value > INT_MAX/(1024*1024) || value < INT_MIN/(1024*1024) )
       log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN,
           "integer \"%s\" is too large (overflow)", s);
    value *= 1024*1024; ++count;
  }


Or, as a patch,

diff -urN exim-4.20.orig/src/readconf.c exim-4.20/src/readconf.c
-- exim-4.20.orig/src/readconf.c 2003-07-13 14:18:52.000000000 +0200
+++ exim-4.20/src/readconf.c 2003-07-13 14:18:54.000000000 +0200
@@ -1619,11 +1619,17 @@
     log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN, "%sinteger expected for
%s",
       inttype, name);


-  if (tolower(s[count]) == 'k') { value *= 1024; count++; }
-  else if (tolower(s[count]) == 'm') { value *= 1024*1024; count++; }
-
-  if (value < 0) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN,
-    "integer \"%s\" is too large (overflow)", s);
+  if (tolower(s[count]) == 'k') {
+    if( value > INT_MAX/1024 || value < INT_MIN/1024 )
+       log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN,
+           "integer \"%s\" is too large (overflow)", s);
+    value *= 1024; ++count;
+  }else if (tolower(s[count]) == 'm') {
+    if( value > INT_MAX/(1024*1024) || value < INT_MIN/(1024*1024) )
+       log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN,
+           "integer \"%s\" is too large (overflow)", s);
+    value *= 1024*1024; ++count;
+  }


while (isspace(s[count])) count++;
if (s[count] != 0)


- Torsten <t.luettgert@???>