From a915da561cf810e0eb956c04e05e54b65e149e68 Mon Sep 17 00:00:00 2001 From: Nick Kew Date: Mon, 23 Jul 2018 22:28:23 +0000 Subject: [PATCH] PR 62555: fix edge-case int overflow in apr_itoa git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1836519 13f79535-47bb-0310-9956-ffa450edef68 --- strings/apr_strings.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/strings/apr_strings.c b/strings/apr_strings.c index 0ba49c844c6..beca6d48007 100644 --- a/strings/apr_strings.c +++ b/strings/apr_strings.c @@ -362,19 +362,21 @@ APR_DECLARE(char *) apr_itoa(apr_pool_t *p, int n) const int BUFFER_SIZE = sizeof(int) * 3 + 2; char *buf = apr_palloc(p, BUFFER_SIZE); char *start = buf + BUFFER_SIZE - 1; + unsigned int un; int negative; if (n < 0) { negative = 1; - n = -n; + un = -n; } else { negative = 0; + un = n; } *start = 0; do { - *--start = '0' + (n % 10); - n /= 10; - } while (n); + *--start = '0' + (un % 10); + un /= 10; + } while (un); if (negative) { *--start = '-'; } @@ -387,18 +389,20 @@ APR_DECLARE(char *) apr_ltoa(apr_pool_t *p, long n) char *buf = apr_palloc(p, BUFFER_SIZE); char *start = buf + BUFFER_SIZE - 1; int negative; + unsigned int un; if (n < 0) { negative = 1; - n = -n; + un = -n; } else { negative = 0; + un = n; } *start = 0; do { - *--start = (char)('0' + (n % 10)); - n /= 10; - } while (n); + *--start = (char)('0' + (un % 10)); + un /= 10; + } while (un); if (negative) { *--start = '-'; }