View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0006215 | Taler | exchange | public | 2020-04-23 12:05 | 2021-09-02 18:14 |
Reporter | fefe | Assigned To | Christian Grothoff | ||
Priority | normal | Severity | trivial | Reproducibility | N/A |
Status | closed | Resolution | fixed | ||
Product Version | 0.7.0 | ||||
Target Version | 0.7.1 | Fixed in Version | 0.7.1 | ||
Summary | 0006215: confusing/wrong overflow check in TALER_string_to_amount | ||||
Description | This is in exchange/src/util/amount.c, lines 129-130: `if ( (amount->value * 10 + n < amount->value) || (amount->value > MAX_AMOUNT_VALUE) )` If (i * 10 + n < i) is not a good overflow check. There are values for which an overflow will happen but this check misses it. However, the second half of the if statement already prevents all overflow, so it does not matter in practice. | ||||
Tags | No tags attached. | ||||
|
On the other hand: The check for MAX_AMOUNT_VALUE should probably be done after (not before) each *10+n iteration? As the code currently stands, the last digit could take the value over the limit and GNUNET_OK would be returned. |
|
Still, we shouldn't "rely" on the 2nd check, as someone could increase that value to UINT32_MAX. I've fixed the first check, better one more ;-). |
|
Fixed in 0774fd70..c79a95c7 |
|
Indeed, we should check _after_ the addition as well. Fixed that in c79a95c7..051ccdf0 |
|
Fix committed to master branch. |
Date Modified | Username | Field | Change |
---|---|---|---|
2020-04-23 12:05 | fefe | New Issue | |
2020-04-23 12:05 | fefe | Status | new => assigned |
2020-04-23 12:05 | fefe | Assigned To | => Christian Grothoff |
2020-04-23 12:07 | fefe | Note Added: 0015757 | |
2020-04-23 12:08 | Christian Grothoff | Note Added: 0015758 | |
2020-04-23 12:08 | Christian Grothoff | Status | assigned => resolved |
2020-04-23 12:08 | Christian Grothoff | Resolution | open => fixed |
2020-04-23 12:08 | Christian Grothoff | Fixed in Version | => 0.7.1 |
2020-04-23 12:08 | Christian Grothoff | Note Added: 0015759 | |
2020-04-23 12:08 | Christian Grothoff | Target Version | => 0.7.1 |
2020-04-23 12:10 | Christian Grothoff | Note Added: 0015760 | |
2021-08-24 16:23 | Christian Grothoff | Status | resolved => closed |
2021-09-02 18:13 | Christian Grothoff | Changeset attached | => Taler-exchange master 051ccdf0 |
2021-09-02 18:14 | Christian Grothoff | Note Added: 0018256 |
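
The two problems discussed in this issue, reproduced as a stand-alone added example (not Taler's code and not the committed fix). `parse_flawed` and `parse_checked` are hypothetical names, the 64-bit value type and the limits passed in are assumptions, and the input strings are constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define PARSE_OK 0
#define PARSE_ERR (-1)

/* Hypothetical reconstruction of the reported pattern (assumes a uint64_t
   value): wrap test, plus a limit test on the value *before* the new digit. */
int parse_flawed(const char *s, uint64_t limit, uint64_t *out)
{
  uint64_t v = 0;
  if ('\0' == *s) return PARSE_ERR;
  for (; '\0' != *s; s++)
  {
    if ((*s < '0') || (*s > '9')) return PARSE_ERR;
    uint64_t n = (uint64_t) (*s - '0');
    /* v*10 can wrap past 2^64 and still land at or above v: test misses it */
    if ((v * 10 + n < v) || (v > limit)) return PARSE_ERR;
    v = v * 10 + n;
  }
  *out = v;
  return PARSE_OK;
}

/* Hardened form: prove the multiply-add cannot wrap before doing it,
   then test the limit on the new value after every digit. */
int parse_checked(const char *s, uint64_t limit, uint64_t *out)
{
  uint64_t v = 0;
  if ('\0' == *s) return PARSE_ERR;
  for (; '\0' != *s; s++)
  {
    if ((*s < '0') || (*s > '9')) return PARSE_ERR;
    uint64_t n = (uint64_t) (*s - '0');
    if (v > (UINT64_MAX - n) / 10) return PARSE_ERR; /* would overflow */
    v = v * 10 + n;
    if (v > limit) return PARSE_ERR;                 /* checked after adding */
  }
  *out = v;
  return PARSE_OK;
}

int main(void)
{
  uint64_t r = 0;
  /* Constructed inputs: 3*2^60 with one more digit appended; "9999" vs 1000 */
  printf("%d %d\n", parse_flawed("34587645138205409280", UINT64_MAX, &r),
         parse_checked("34587645138205409280", UINT64_MAX, &r));
  printf("%d %d\n", parse_flawed("9999", 1000, &r), parse_checked("9999", 1000, &r));
  return 0;
}
```

With the limit set to the type's maximum, the first input wraps to 14*2^60 in `parse_flawed` and is accepted; with a limit of 1000, "9999" is accepted because the last digit is never compared against the limit.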