From: Denis Vlasenko <vda.linux@googlemail.com>
Date: Thu, 17 Jul 2008 08:48:13 +0000 (-0000)
Subject: bb_strtoXXX: close bug 4174 (potential use of buf[-1])
X-Git-Tag: 1_12_0~164
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=416914fc6115d2013433a5956febcffb5c8a0466;p=oweals%2Fbusybox.git

bb_strtoXXX: close bug 4174 (potential use of buf[-1])
---

diff --git a/libbb/bb_strtonum.c b/libbb/bb_strtonum.c
index 50ed99b4b..2433f1f1f 100644
--- a/libbb/bb_strtonum.c
+++ b/libbb/bb_strtonum.c
@@ -30,12 +30,6 @@ static unsigned long long handle_errors(unsigned long long v, char **endp, char
 {
 	if (endp) *endp = endptr;
 
-	/* Check for the weird "feature":
-	 * a "-" string is apparently a valid "number" for strto[u]l[l]!
-	 * It returns zero and errno is 0! :( */
-	if (endptr[-1] == '-')
-		return ret_ERANGE();
-
 	/* errno is already set to ERANGE by strtoXXX if value overflowed */
 	if (endptr[0]) {
 		/* "1234abcg" or out-of-range? */
@@ -44,6 +38,11 @@ static unsigned long long handle_errors(unsigned long long v, char **endp, char
 		/* good number, just suspicious terminator */
 		errno = EINVAL;
 	}
+	/* Check for the weird "feature":
+	 * a "-" string is apparently a valid "number" for strto[u]l[l]!
+	 * It returns zero and errno is 0! :( */
+	if (endptr[-1] == '-')
+		return ret_ERANGE();
 	return v;
 }