The previous fix didn't check the overflow in addition. Use the new macro to check both multiplication and addition overflows. Fixes: 8666523b7d0891c38a7c9c138c4cc318eddfefeb Closes: https://gitlab.com/libvirt/libvirt/-/issues/671 Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx> --- src/util/virconf.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/util/virconf.c b/src/util/virconf.c index da07af178d..66b3e0482e 100644 --- a/src/util/virconf.c +++ b/src/util/virconf.c @@ -347,13 +347,15 @@ virConfParseLong(virConfParserCtxt *ctxt, long long *val) return -1; } while ((ctxt->cur < ctxt->end) && (g_ascii_isdigit(CUR))) { - if (l > LLONG_MAX / 10) { + long long c = (CUR - '0'); + + if (VIR_MULTIPLY_ADD_IS_OVERFLOW(LLONG_MAX, l, 10, c)) { virConfError(ctxt, VIR_ERR_OVERFLOW, _("numeric overflow in conf value")); return -1; } - l = l * 10 + (CUR - '0'); + l = l * 10 + c; NEXT; } if (neg) -- 2.46.0
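Review bot: No test pins the boundary that the new `VIR_MULTIPLY_ADD_IS_OVERFLOW(LLONG_MAX, l, 10, c)` check in the `while` loop enforces; the diffstat shows only src/util/virconf.c changing, and this is already the second attempt at the guard. A parser test that accepts the largest representable value and rejects the next one up with VIR_ERR_OVERFLOW (9223372036854775807 and 9223372036854775808 where long long is 64 bits) would stop it regressing again, which matters because the digits come from a configuration file and signed overflow in `l * 10 + c` is undefined behaviour. The sign appears to be applied after the loop (`if (neg)`, whose body is outside the hunk), so the most negative long long is presumably rejected as an overflow too. If that is intended, a comment above the check such as `/* the magnitude is accumulated as a positive value, so LLONG_MIN is rejected as well */` would record it. virConfParseLong starts and ends outside the hunk.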