From 421c4ae907e27661902f28c07c1c470c3dba3cf7 Mon Sep 17 00:00:00 2001
From: Max Kellermann <max@duempel.org>
Date: Thu, 4 Sep 2014 14:38:55 +0200
Subject: protocol/ArgParser: fix integer overflow in parse_range()

Casting std::numeric_limits<unsigned>::max() to "long" leads to an
overflow if sizeof(unsigned)==sizeof(long), and the result will be -1.

This happens on some 32 bit architectures, for example ARM and WIN32.

Workaround: use std::numeric_limits<int>::max(), which is the largest
signed integer.  Since sizeof(long)>=sizeof(int), this will never
overflow.

Fixes Mantis ticket 0004080.
---
 src/protocol/ArgParser.cxx | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/protocol')

diff --git a/src/protocol/ArgParser.cxx b/src/protocol/ArgParser.cxx
index b13ea3f4e..86527c751 100644
--- a/src/protocol/ArgParser.cxx
+++ b/src/protocol/ArgParser.cxx
@@ -81,7 +81,7 @@ check_range(Client &client, unsigned *value_r1, unsigned *value_r2,
 		/* compatibility with older MPD versions: specifying
 		   "-1" makes MPD display the whole list */
 		*value_r1 = 0;
-		*value_r2 = std::numeric_limits<unsigned>::max();
+		*value_r2 = std::numeric_limits<int>::max();
 		return true;
 	}
 
@@ -108,7 +108,7 @@ check_range(Client &client, unsigned *value_r1, unsigned *value_r2,
 		}
 
 		if (test == test2)
-			value = std::numeric_limits<unsigned>::max();
+			value = std::numeric_limits<int>::max();
 
 		if (value < 0) {
 			command_error(client, ACK_ERROR_ARG,
-- 
cgit v1.2.3