virconf: Properly fix numeric overflow when parsing numbers in conf files

The previous fix didn't check the overflow in addition. Use the new
macro to check both multiplication and addition overflows.

Fixes: 8666523b7d0891c38a7c9c138c4cc318eddfefeb
Closes: https://gitlab.com/libvirt/libvirt/-/issues/671
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

diff --git a/src/util/virconf.c b/src/util/virconf.c
index da07af178d93b9c055df8631e37677e38c927bdc..66b3e0482e5862314a86a855d5d329d3aa8abe8a 100644 (file)
--- a/src/util/virconf.c
+++ b/src/util/virconf.c
@@ -347,13 +347,15 @@ virConfParseLong(virConfParserCtxt *ctxt, long long *val)
         return -1;
     }
     while ((ctxt->cur < ctxt->end) && (g_ascii_isdigit(CUR))) {
-        if (l > LLONG_MAX / 10) {
+        long long c = (CUR - '0');
+
+        if (VIR_MULTIPLY_ADD_IS_OVERFLOW(LLONG_MAX, l, 10, c)) {
             virConfError(ctxt, VIR_ERR_OVERFLOW,
                          _("numeric overflow in conf value"));
             return -1;
         }
 
-        l = l * 10 + (CUR - '0');
+        l = l * 10 + c;
         NEXT;
     }
     if (neg)