
AK: Check for overflow parsing IPv4 number in URL

Fixes OSS fuzz issue:
https://oss-fuzz.com/download?testcase_id=6045676088459264
Shannon Booth 2023-10-04 21:17:00 +13:00 committed by Andreas Kling
parent 453dd0cf44
commit 3748f1d290
2 changed files with 15 additions and 5 deletions


@ -120,18 +120,22 @@ static Optional<ParsedIPv4Number> parse_ipv4_number(StringView input)
}
// 8. Let output be the mathematical integer value that is represented by input in radix-R notation, using ASCII hex digits for digits with values 0 through 15.
u32 output;
Optional<u32> maybe_output;
if (radix == 8)
output = StringUtils::convert_to_uint_from_octal(input).release_value();
maybe_output = StringUtils::convert_to_uint_from_octal(input);
else if (radix == 10)
output = input.to_uint().release_value();
maybe_output = input.to_uint();
else if (radix == 16)
output = StringUtils::convert_to_uint_from_hex(input).release_value();
maybe_output = StringUtils::convert_to_uint_from_hex(input);
else
VERIFY_NOT_REACHED();
// NOTE: Parsing may have failed due to overflow.
if (!maybe_output.has_value())
return {};
// 9. Return (output, validationError).
return ParsedIPv4Number { output, validation_error };
return ParsedIPv4Number { maybe_output.value(), validation_error };
}
// https://url.spec.whatwg.org/#concept-ipv4-parser
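Review bot: The new early return at `if (!maybe_output.has_value()) return {};` reports a number that is too large for u32 in the same way as input that is not a number at all, whereas step 8 as quoted in the comment treats output as an unbounded mathematical integer. If a caller outside this hunk uses a failed parse to decide that a host is not an IPv4 address (the spec's ends-in-a-number check works this way), an oversized hex or octal last part could be accepted as a domain name instead of being rejected, so that case deserves a regression test alongside the fuzzer input. The comment should at least record the deviation, for example `// NOTE: The spec has no failure at this step; overflow is reported as failure here, so callers must not read failure as "not a number".` The body of parse_ipv4_number starts before this hunk, so the earlier digit validation and the callers are not visible here.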