1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
|
From: =?utf-8?q?Tim_R=C3=BChsen?= <tim.ruehsen@gmx.de>
Date: Tue, 1 Aug 2017 11:16:47 +0200
Subject: puny_decode: Fix integer overflow (found by fuzzing)
---
punycode.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/punycode.c b/punycode.c
index 396c597..b7a860d 100644
--- a/punycode.c
+++ b/punycode.c
@@ -94,10 +94,10 @@ enum { base = 36, tmin = 1, tmax = 26, skew = 38, damp = 700,
/* point (for use in representing integers) in the range 0 to */
/* base-1, or base if cp does not represent a value. */
-static punycode_uint decode_digit(punycode_uint cp)
+static unsigned decode_digit(int cp)
{
- return cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 :
- cp - 97 < 26 ? cp - 97 : base;
+ return (unsigned) (cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 :
+ cp - 97 < 26 ? cp - 97 : base);
}
/* encode_digit(d,flag) returns the basic code point whose value */
|