Fix integer overflow in extcon_count.c

author lokilee73 <changjoo.lee@samsung.com>

Thu, 17 Jan 2019 09:02:44 +0000 (18:02 +0900)

committer lokilee73 <changjoo.lee@samsung.com>

Thu, 17 Jan 2019 10:22:25 +0000 (19:22 +0900)
author lokilee73 <changjoo.lee@samsung.com>
Thu, 17 Jan 2019 09:02:44 +0000 (18:02 +0900)
committer lokilee73 <changjoo.lee@samsung.com>
Thu, 17 Jan 2019 10:22:25 +0000 (19:22 +0900)
diff --git a/src/extcon/extcon_count.c b/src/extcon/extcon_count.c

index 6e5df02..bb9914b 100644 (file)
--- a/src/extcon/extcon_count.c
+++ b/src/extcon/extcon_count.c
@@ -47,6 +47,7 @@ int extcon_update_count(int index, unsigned long count)
         int r;
         int ret = 0;
         char buf[BUF_MAX];
+       unsigned long value;
  
         fd = open(extcon_devices[index].str, O_RDWR | O_CREAT, 0644);
         if (fd < 0) {
@@ -62,9 +63,15 @@ int extcon_update_count(int index, unsigned long count)
         }
  
         buf[r] = '\0';
-       extcon_devices[index].count = strtoul(buf, NULL, 10);
-       extcon_devices[index].count += count;
-
+       value = strtoul(buf, NULL, 10);
+       if (value == ULONG_MAX && errno == ERANGE)
+               _E("converted value is over ULONG MAX(%lu)!", ULONG_MAX);
+       else if (value > ULONG_MAX - count)
+               value = ULONG_MAX;
+       else
+               value += count;
+
+       extcon_devices[index].count = value;
         lseek(fd, 0, SEEK_SET);
         _I("ext(%d) count %lu", index, extcon_devices[index].count);
         snprintf(buf, sizeof(buf), "%lu", extcon_devices[index].count);
author	lokilee73 <changjoo.lee@samsung.com>
	Thu, 17 Jan 2019 09:02:44 +0000 (18:02 +0900)
committer	lokilee73 <changjoo.lee@samsung.com>
	Thu, 17 Jan 2019 10:22:25 +0000 (19:22 +0900)