Cap bufsiz variable (long) to avoid overflow in Alphabit & Rabbit

aleruggeri87 · aleruggeri87 · commit 162b23a2ab8f · 2022-04-20T11:19:14.000+02:00
With nb &gt; 2^(31+5), bufsiz is not correctly computed (can lead to a negative value); furthermore, with nb &gt; 2^(31-2), util_Min() in ufile_CreateReadBin() could miscalculate the minimum value and the following util_Calloc() returns an error. To avoid all of this, bufsiz has been limited to LONG_MAX/4 (in any case, the maximum allocated buffer will be ARRAYDIM &lt;&lt; LONG_MAX/4).
diff --git a/testu01/bbattery.c b/testu01/bbattery.c
@@ -2751,7 +2751,11 @@ static void Alphabit (unif01_Gen * gen, char *fname, double nb, int r, int s,
    util_Assert (nb > 0, "Alphabit:   nb <= 0");
    /* Bits will be read as 32-bit unsigned integers */
    nb -= fmod (nb, 32.0);
-   bufsiz = nb / 32.0;
+   if(nb < LONG_MAX / 4) {
+      bufsiz = nb / 32.0;
+   } else {
+      bufsiz = LONG_MAX / 4;
+   }
 
    if (blocFlag) {
       gen0 = ufile_CreateReadBin (fname, bufsiz);
@@ -3300,7 +3304,11 @@ static void Rabbit (unif01_Gen * gen, char *fname, double nb, int Rep[])
    /* Bits will be read as 32-bit unsigned integers */
    nb -= fmod (nb, 32.0);
    nw = nb / 32.0;
-   bufsiz = nw;
+   if(nw < LONG_MAX/4) {
+      bufsiz = nw;
+   } else {
+      bufsiz = LONG_MAX/4;
+   }
 
    if (NULL == gen) {
       gen = ufile_CreateReadBin (fname, bufsiz);
