Avoid an overflow on negation in format_helper_exit_status

Part of 13104; patch from teor.
author: Nick Mathewson <nickm@torproject.org> 2014-09-11 00:00:13 -0400
committer: Nick Mathewson <nickm@torproject.org> 2014-09-11 00:00:13 -0400
commit: 284cc9a22405bf320944b34ac08be74c2d897fc3 (patch)
tree: abafe075c57425932a7bcb4a5e26bc41c3b03ff1 /src/common/util.c
parent: 59f9a5c78695213442599e8f2e8a535e8a9cc666 (diff)
download: tor-284cc9a22405bf320944b34ac08be74c2d897fc3.tar.gz
tor-284cc9a22405bf320944b34ac08be74c2d897fc3.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/src/common/util.c b/src/common/util.c
index 297ae7806e..3acae1c118 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -3555,7 +3555,13 @@ format_helper_exit_status(unsigned char child_state, int saved_errno,
 
   /* Convert errno to be unsigned for hex conversion */
   if (saved_errno < 0) {
-    unsigned_errno = (unsigned int) -saved_errno;
+    // Avoid overflow on the cast to unsigned int when result is INT_MIN
+    // by adding 1 to the signed int negative value,
+    // then, after it has been negated and cast to unsigned,
+    // adding the original 1 back (the double-addition is intentional).
+    // Otherwise, the cast to signed could cause a temporary int
+    // to equal INT_MAX + 1, which is undefined.
+    unsigned_errno = ((unsigned int) -(saved_errno + 1)) + 1;
   } else {
     unsigned_errno = (unsigned int) saved_errno;
   }
author	Nick Mathewson <nickm@torproject.org>	2014-09-11 00:00:13 -0400
committer	Nick Mathewson <nickm@torproject.org>	2014-09-11 00:00:13 -0400
commit	284cc9a22405bf320944b34ac08be74c2d897fc3 (patch)
tree	abafe075c57425932a7bcb4a5e26bc41c3b03ff1 /src/common/util.c
parent	59f9a5c78695213442599e8f2e8a535e8a9cc666 (diff)
download	tor-284cc9a22405bf320944b34ac08be74c2d897fc3.tar.gz tor-284cc9a22405bf320944b34ac08be74c2d897fc3.zip