From 3e3420d1abeca33e86e48e9b4102a3e86a1909d0 Mon Sep 17 00:00:00 2001 From: Kosma Moczek Date: Sun, 27 Apr 2014 17:19:29 +0200 Subject: [PATCH] fix minmea_scan("f") overflow --- minmea.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/minmea.c b/minmea.c index e5f1f28..b40e07f 100644 --- a/minmea.c +++ b/minmea.c @@ -148,9 +148,20 @@ bool minmea_scan(const char *sentence, const char *format, ...) } else if (*field == '-' && !sign && value == -1) { sign = -1; } else if (isdigit((unsigned char) *field)) { + int digit = *field - '0'; if (value == -1) value = 0; - value = (10 * value) + (*field - '0'); + if (value > (INT_LEAST32_MAX-digit) / 10) { + /* we ran out of bits, what do we do? */ + if (scale) { + /* truncate extra precision */ + break; + } else { + /* integer overflow. bail out. */ + goto parse_error; + } + } + value = (10 * value) + digit; if (scale) scale *= 10; } else if (*field == '.' && scale == 0) {