summaryrefslogtreecommitdiff
path: root/src/common
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2014-09-11 00:00:13 -0400
committerNick Mathewson <nickm@torproject.org>2014-09-11 00:00:13 -0400
commit284cc9a22405bf320944b34ac08be74c2d897fc3 (patch)
treeabafe075c57425932a7bcb4a5e26bc41c3b03ff1 /src/common
parent59f9a5c78695213442599e8f2e8a535e8a9cc666 (diff)
downloadtor-284cc9a22405bf320944b34ac08be74c2d897fc3.tar.gz
tor-284cc9a22405bf320944b34ac08be74c2d897fc3.zip
Avoid an overflow on negation in format_helper_exit_status
Part of 13104; patch from teor.
Diffstat (limited to 'src/common')
-rw-r--r--src/common/util.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/src/common/util.c b/src/common/util.c
index 297ae7806e..3acae1c118 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -3555,7 +3555,13 @@ format_helper_exit_status(unsigned char child_state, int saved_errno,
/* Convert errno to be unsigned for hex conversion */
if (saved_errno < 0) {
- unsigned_errno = (unsigned int) -saved_errno;
+ // Avoid overflow on the cast to unsigned int when result is INT_MIN
+ // by adding 1 to the signed int negative value,
+ // then, after it has been negated and cast to unsigned,
+ // adding the original 1 back (the double-addition is intentional).
+ // Otherwise, the cast to signed could cause a temporary int
+ // to equal INT_MAX + 1, which is undefined.
+ unsigned_errno = ((unsigned int) -(saved_errno + 1)) + 1;
} else {
unsigned_errno = (unsigned int) saved_errno;
}