Prevent signed integer overflow in cfgParseSize().

If the value and multiplier were large enough then the return value could overflow unpredictably. Check the value to make sure it will not overflow with the current multiplier. It would be better to present an "out of range" error to the user rather than "is not valid" but it doesn't seem worth the effort since the error is extremely unlikely. Found with -fsanitize=undefined.
2025-01-18 04:58:51 +02:00 · 2022-03-24 11:00:51 -06:00 · 2022-03-24 11:00:51 -06:00 · edf6c70baa
commit edf6c70baa
parent ccbe2a1f70
2 changed files with 16 additions and 2 deletions
--- a/src/config/common.c
+++ b/src/config/common.c
@ -101,7 +101,12 @@ cfgParseSize(const String *const value)
        }

        // Convert string to bytes
-        FUNCTION_TEST_RETURN(cvtZToInt64(strZ(valueLower)) * multiplier);
+        const int64_t valueInt = cvtZToInt64(strZ(valueLower));
+
+        if (valueInt > INT64_MAX / multiplier)
+            THROW_FMT(FormatError, "value '%s' is out of range", strZ(value));
+
+        FUNCTION_TEST_RETURN(valueInt * multiplier);
    }

    THROW_FMT(FormatError, "value '%s' is not valid", strZ(value));
--- a/test/src/module/config/parseTest.c
+++ b/test/src/module/config/parseTest.c
@ -1017,7 +1017,16 @@ testRun(void)
        hrnCfgArgRawZ(argList, cfgOptManifestSaveThreshold, "999999999999999999p");
        TEST_ERROR(
            configParse(storageTest, strLstSize(argList), strLstPtr(argList), false), OptionInvalidValueError,
-            "'999999999999999999p' is out of range for 'manifest-save-threshold' option");
+            "'999999999999999999p' is not valid for 'manifest-save-threshold' option");
+
+        argList = strLstNew();
+        strLstAddZ(argList, TEST_BACKREST_EXE);
+        strLstAddZ(argList, TEST_COMMAND_BACKUP);
+        hrnCfgArgRawZ(argList, cfgOptStanza, "db");
+        hrnCfgArgRawZ(argList, cfgOptManifestSaveThreshold, "999t");
+        TEST_ERROR(
+            configParse(storageTest, strLstSize(argList), strLstPtr(argList), false), OptionInvalidValueError,
+            "'999t' is out of range for 'manifest-save-threshold' option");

        // -------------------------------------------------------------------------------------------------------------------------
        TEST_TITLE("value missing");