View Issue Details

IDProjectCategoryView StatusLast Update
0006215Talerexchangepublic2021-09-02 18:14
Reporterfefe Assigned ToChristian Grothoff  
PrioritynormalSeveritytrivialReproducibilityN/A
Status closedResolutionfixed 
Product Version0.7.0 
Target Version0.7.1Fixed in Version0.7.1 
Summary0006215: confusing/wrong overflow check in TALER_string_to_amount
DescriptionThis is in exchange/src/util/amount.c:

129 if ( (amount->value * 10 + n < amount->value) ||
130 (amount->value > MAX_AMOUNT_VALUE) )

If (i * 10 + n < i) is not a good overflow check. There are values for which an overflow will happen but this check misses it.
However, the second half of the if statement already prevents all overflow, so it does not matter in practice.
TagsNo tags attached.

Activities

fefe

2020-04-23 12:07

developer   ~0015757

On the other hand: The check for MAX_AMOUNT_VALUE should probably be done after (not before) each *10+n iteration?
As the code currently stands, the last digit could take the value over the limit and GNUNET_OK would be returned.

Christian Grothoff

2020-04-23 12:08

manager   ~0015758

Still, we shouldn't "rely" on the 2nd check, as somone could increase that value to UINT32_MAX. I've fixed the first check, better one more ;-).

Christian Grothoff

2020-04-23 12:08

manager   ~0015759

Fixed in 0774fd70..c79a95c7

Christian Grothoff

2020-04-23 12:10

manager   ~0015760

Indeed, we should check _after_ the addition as well. Fixed that in c79a95c7..051ccdf0

Christian Grothoff

2021-09-02 18:14

manager   ~0018256

Fix committed to master branch.

Related Changesets

exchange: master 051ccdf0

2020-04-23 14:05

Christian Grothoff


Details Diff
fix 00062150006215:0015757 Affected Issues
0006215
mod - src/util/amount.c Diff File

Issue History

Date Modified Username Field Change
2020-04-23 12:05 fefe New Issue
2020-04-23 12:05 fefe Status new => assigned
2020-04-23 12:05 fefe Assigned To => Christian Grothoff
2020-04-23 12:07 fefe Note Added: 0015757
2020-04-23 12:08 Christian Grothoff Note Added: 0015758
2020-04-23 12:08 Christian Grothoff Status assigned => resolved
2020-04-23 12:08 Christian Grothoff Resolution open => fixed
2020-04-23 12:08 Christian Grothoff Fixed in Version => 0.7.1
2020-04-23 12:08 Christian Grothoff Note Added: 0015759
2020-04-23 12:08 Christian Grothoff Target Version => 0.7.1
2020-04-23 12:10 Christian Grothoff Note Added: 0015760
2021-08-24 16:23 Christian Grothoff Status resolved => closed
2021-09-02 18:13 Christian Grothoff Changeset attached => Taler-exchange master 051ccdf0
2021-09-02 18:14 Christian Grothoff Note Added: 0018256