diff options
| author | Max Kellermann <max@duempel.org> | 2014-09-04 14:38:55 +0200 |
|---|---|---|
| committer | Max Kellermann <max@duempel.org> | 2014-09-04 17:37:31 +0200 |
| commit | 421c4ae907e27661902f28c07c1c470c3dba3cf7 (patch) | |
| tree | 5dc7c244df11cdfdb7ff1a3ccdf63f02011b6095 | |
| parent | 4907f610d6116949111fb6ff81c1489ec68b9d43 (diff) | |
| download | mpd-421c4ae907e27661902f28c07c1c470c3dba3cf7.tar.gz mpd-421c4ae907e27661902f28c07c1c470c3dba3cf7.tar.xz mpd-421c4ae907e27661902f28c07c1c470c3dba3cf7.zip | |
protocol/ArgParser: fix integer overflow in parse_range()
Casting std::numeric_limits<unsigned>::max() to "long" leads to an
overflow if sizeof(unsigned)==sizeof(long), and the result will be -1.
This happens on some 32 bit architectures, for example ARM and WIN32.
Workaround: use std::numeric_limits<int>::max(), which is the largest
signed integer. Since sizeof(long)>=sizeof(int), this will never
overflow.
Fixes Mantis ticket 0004080.
| -rw-r--r-- | NEWS | 2 | ||||
| -rw-r--r-- | src/protocol/ArgParser.cxx | 4 |
2 files changed, 4 insertions, 2 deletions
@@ -1,4 +1,6 @@ ver 0.18.14 (not yet released) +* protocol + - fix range parser bug on certain 32 bit architectures ver 0.18.13 (2014/08/31) * protocol diff --git a/src/protocol/ArgParser.cxx b/src/protocol/ArgParser.cxx index b13ea3f4e..86527c751 100644 --- a/src/protocol/ArgParser.cxx +++ b/src/protocol/ArgParser.cxx @@ -81,7 +81,7 @@ check_range(Client &client, unsigned *value_r1, unsigned *value_r2, /* compatibility with older MPD versions: specifying "-1" makes MPD display the whole list */ *value_r1 = 0; - *value_r2 = std::numeric_limits<unsigned>::max(); + *value_r2 = std::numeric_limits<int>::max(); return true; } @@ -108,7 +108,7 @@ check_range(Client &client, unsigned *value_r1, unsigned *value_r2, } if (test == test2) - value = std::numeric_limits<unsigned>::max(); + value = std::numeric_limits<int>::max(); if (value < 0) { command_error(client, ACK_ERROR_ARG, |