On Fri, 2003-07-11 at 15:11, Michael Haardt via COM.BOX TEMA wrote:
> Just thinking about it: Does the assumption of value < 0 indicating
> overflow always hold?
No, in fact it doesn't. You're right.
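Take, for example, 2^30 * 1024. The result is 2^40 (2^30 * 2^10).
A 4-byte integer has only 32 bits, so on the usual two's-complement
machines the result is stored modulo 2^32, making it 0. Zero is not
negative, so the "value < 0" test does not catch it. (Strictly speaking,
signed overflow is undefined behaviour in C, so the range has to be
checked before the multiplication, not afterwards.)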
I gave it another try, keeping that in mind:
/* Apply an optional K/M size suffix to the already-parsed number in value,
   refusing the multiplication when the result would not fit.
   NOTE(review): the bounds are INT_MAX/INT_MIN, so value is presumably an
   int and <limits.h> must be in scope - neither is visible in this excerpt.
   NOTE(review): tolower() needs an unsigned char value or EOF; confirm that
   s is an unsigned character string. */
if (tolower(s[count]) == 'k') {
/* Check the range before multiplying: any value outside
   [INT_MIN/1024, INT_MAX/1024] would leave the int range once scaled. */
if( value > INT_MAX/1024 || value < INT_MIN/1024 )
/* NOTE(review): the guard only helps if log_write() does not return when
   LOG_PANIC_DIE is set (the flag name suggests that); otherwise the
   multiplication below still runs on the rejected value - confirm. */
log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN,
"integer \"%s\" is too large (overflow)", s);
/* Scale by 1024 and step past the suffix character. */
value *= 1024; ++count;
/* Same pattern for the 'm' suffix, with a multiplier of 1024*1024. */
}else if (tolower(s[count]) == 'm') {
if( value > INT_MAX/(1024*1024) || value < INT_MIN/(1024*1024) )
log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN,
"integer \"%s\" is too large (overflow)", s);
value *= 1024*1024; ++count;
}
Or, as a patch,
diff -urN exim-4.20.orig/src/readconf.c exim-4.20/src/readconf.c
-- exim-4.20.orig/src/readconf.c 2003-07-13 14:18:52.000000000 +0200
+++ exim-4.20/src/readconf.c 2003-07-13 14:18:54.000000000 +0200
@@ -1619,11 +1619,17 @@
log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN, "%sinteger expected for
%s",
inttype, name);
- if (tolower(s[count]) == 'k') { value *= 1024; count++; }
- else if (tolower(s[count]) == 'm') { value *= 1024*1024; count++; }
-
- if (value < 0) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN,
- "integer \"%s\" is too large (overflow)", s);
+ if (tolower(s[count]) == 'k') {
+ if( value > INT_MAX/1024 || value < INT_MIN/1024 )
+ log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN,
+ "integer \"%s\" is too large (overflow)", s);
+ value *= 1024; ++count;
+ }else if (tolower(s[count]) == 'm') {
+ if( value > INT_MAX/(1024*1024) || value < INT_MIN/(1024*1024) )
+ log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN,
+ "integer \"%s\" is too large (overflow)", s);
+ value *= 1024*1024; ++count;
+ }
while (isspace(s[count])) count++;
if (s[count] != 0)
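Review bot: With the old `if (value < 0)` test removed, a value that carries no K/M suffix is no longer range-checked anywhere in this hunk. The conversion that fills `value` sits above the hunk (only its "integer expected" error is visible), so if it can wrap or clamp an oversized number, that case is now accepted silently, and negative settings that used to be rejected pass through as well. I would confirm that the conversion itself reports out-of-range input, and keep a plain `if (value < 0)` rejection after the suffix handling if negative values are not meant to be valid for these options. The new guards also rely on `log_write()` not returning when `LOG_PANIC_DIE` is set and on `INT_MAX`/`INT_MIN` being available through `<limits.h>`, neither of which is visible here.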
- Torsten <t.luettgert@???>