1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-22 08:08:50 -05:00

curl: do bounds check using a double comparison

The fix for this in 8661a0aacc01492e0436275ff36a21734f2541bb wasn't
complete: if the parsed number in num is larger than will fit in a long,
the conversion is undefined behaviour (causing test1427 to fail for me
on IA32 with GCC 7.1, although it passes on AMD64 and ARMv7).  Getting
rid of the cast means the comparison will be done using doubles.

It might make more sense for the max argument to also be a double...

Fixes #1750
Closes #1749
This commit is contained in:
Adam Sampson 2017-08-09 14:11:17 +01:00 committed by Daniel Stenberg
parent a7bbbb7c36
commit 45a560390c
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2

View File

@ -218,7 +218,7 @@ static ParameterError str2double(double *val, const char *str, long max)
num = strtod(str, &endptr);
if(errno == ERANGE)
return PARAM_NUMBER_TOO_LARGE;
if((long)num > max) {
if(num > max) {
/* too large */
return PARAM_NUMBER_TOO_LARGE;
}