From bee4fc54e7a3cf6e1965efeaa068ca8db4ba976f Mon Sep 17 00:00:00 2001
From: Oswald Buddenhagen
Date: Fri, 22 Nov 2019 21:00:18 +0100
Subject: [PATCH] fix overflows in uint comparisons

---
 src/drv_maildir.c | 4 ++--
 src/util.c | 5 ++++-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/drv_maildir.c b/src/drv_maildir.c
index 958dde8..8818d2e 100644
--- a/src/drv_maildir.c
+++ b/src/drv_maildir.c
@@ -840,8 +840,8 @@ maildir_compare( const void *l, const void *r )
 char *ldot, *rdot, *ldot2, *rdot2, *lseq, *rseq;
 int ret, llen, rlen;

- if ((ret = lm->uid - rm->uid))
- return ret;
+ if (lm->uid != rm->uid) // Can't subtract, the result might not fit into signed int.
+ return lm->uid > rm->uid ? 1 : -1;
 /* No UID, so sort by arrival date. We should not do this, but we rely on the suggested unique file name scheme - we have no choice. */
diff --git a/src/util.c b/src/util.c
index 8c56a28..2a96389 100644
--- a/src/util.c
+++ b/src/util.c
@@ -534,7 +534,10 @@ map_name( const char *arg, char **result, int reserve, const char *in, const cha
 static int
 compare_uints( const void *l, const void *r )
 {
- return *(uint *)l - *(uint *)r;
+ uint li = *(uint *)l, ri = *(uint *)r;
+ if (li != ri) // Can't subtract, the result might not fit into signed int.
+ return li > ri ? 1 : -1;
+ return 0;
 }

 void
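Review bot: The new comment on `if (lm->uid != rm->uid)` in maildir_compare says the difference might not fit into a signed int, but not what goes wrong when it doesn't. Assuming this function is used as a sort comparator (its `const void *` signature suggests so), a wrapped difference gives the wrong sign for UIDs more than INT_MAX apart, so the ordering is no longer consistent, which qsort-style callers require. I would word it `/* Compare, don't subtract: uid is unsigned, and a wrapped difference gives an inconsistent sort order. */`, which also matches the `/* */` style of the comment just below. The function starts and ends outside the hunk, so whether `ret` in `int ret, llen, rlen;` is still used further down cannot be checked from here.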
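Review bot: The casts in `uint li = *(uint *)l, ri = *(uint *)r;` in compare_uints drop the `const` from the `const void *` parameters; `uint li = *(const uint *)l, ri = *(const uint *)r;` reads the same values without casting the qualifier away. The three-branch body could also be written as `return (li > ri) - (li < ri);`, which cannot overflow and needs no explanatory comment. Since the same defect was present in two unrelated files, any other comparator in the tree that still returns a difference of unsigned values likely has it too, so a search for that pattern is worth doing alongside this fix.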