From b86c191af5689229c398ecdc0684f3ccbf8a108d Mon Sep 17 00:00:00 2001 From: Peter Stephenson Date: Wed, 14 May 2008 10:48:26 +0000 Subject: 25025: check radix for integer constants is between 2 and 36 inclusive --- ChangeLog | 6 ++++++ Doc/Zsh/builtins.yo | 2 +- Src/builtin.c | 4 ++++ Src/math.c | 4 ++++ Src/utils.c | 2 +- 5 files changed, 16 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 43878d90a..3d833a318 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2008-05-14 Peter Stephenson + + * 25025: Doc/Zsh/builtins.yo, Src/builtin.c, Src/math.c, + Src/utils.c: more checks to ensure radix for arithmetic + constants is between 2 and 36 inclusive. + 2008-05-13 Peter Stephenson * 25018: Omari Norman: Completion/Unix/Command/{_awk,_cut,_join}: diff --git a/Doc/Zsh/builtins.yo b/Doc/Zsh/builtins.yo index dad180180..68f614508 100644 --- a/Doc/Zsh/builtins.yo +++ b/Doc/Zsh/builtins.yo @@ -1555,7 +1555,7 @@ for non-special parameters. item(tt(-i))( Use an internal integer representation. If var(n) is nonzero it defines the output arithmetic base, otherwise it is determined by the -first assignment. +first assignment. Bases from 2 to 36 inclusive are allowed. ) item(tt(-E))( Use an internal double-precision floating point representation. On output diff --git a/Src/builtin.c b/Src/builtin.c index f11d5aa51..99eef93aa 100644 --- a/Src/builtin.c +++ b/Src/builtin.c @@ -1744,6 +1744,10 @@ typeset_setbase(const char *name, Param pm, Options ops, int on, int always) zwarnnam(name, "bad precision value: %s", arg); return 1; } + if (pm->base < 2 || pm->base > 36) { + zwarnnam(name, "invalid base: %d", pm->base); + return 1; + } } else if (always) pm->base = 0; diff --git a/Src/math.c b/Src/math.c index e1cde5f03..3374efddd 100644 --- a/Src/math.c +++ b/Src/math.c @@ -460,6 +460,10 @@ zzlex(void) } if(*ptr != ']') goto bofs; + if (outputradix < 2 || outputradix > 36) { + zerr("invalid base: %d", outputradix); + return EOI; + } ptr++; break; } 
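Review bot: The added range test in typeset_setbase runs for every argument that reaches this branch, yet the context line just above it reports "bad precision value", which suggests the same branch also parses a floating-point precision. If so, a precision outside 2..36 would now be refused as an invalid base. Restricting the test to the integer case, e.g. `if ((on & PM_INTEGER) && (pm->base < 2 || pm->base > 36)) {`, would avoid that, assuming `PM_INTEGER` is what selects the integer branch earlier in the function, which starts outside the hunk. The test also reads `pm->base` after it has been stored, so the rejected value stays in the parameter on the `return 1` path; validating a local and assigning only on success would leave `pm` unchanged on error.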
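Review bot: On the new error path in zzlex the rejected value is left in `outputradix`, because the test runs after the variable has been assigned and `return EOI` does not reset it. If any later code formats a result with `outputradix` after a failed evaluation, it would see a radix outside 2..36. Parsing into a local and storing it only once it is in range, or resetting the variable after the `zerr` call, would close that. The assignment is outside the hunk, so also confirm the value can never be negative here (for instance as a signed encoding of a variant of the specifier), since `outputradix < 2` would then reject a valid base; comparing the magnitude, `int r = outputradix < 0 ? -outputradix : outputradix;` then `if (r < 2 || r > 36)`, would cover that case.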
diff --git a/Src/utils.c b/Src/utils.c
index d3319f0a9..4992680fe 100644
--- a/Src/utils.c
+++ b/Src/utils.c
@@ -1834,7 +1834,7 @@ zstrtol(const char *s, char **t, int base)
 base = 8;
 }
 inp = s;
- if (base > 36) {
+ if (base < 2 || base > 36) {
 zerr("invalid base: %d", base);
 return (zlong)0;
 } else if (base <= 10)
-- cgit 1.4.1
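Review bot: The early return in zstrtol leaves `*t` unwritten, and widening the test to `base < 2` sends more caller-supplied values down that path. A caller that passes the address of an uninitialised end pointer and inspects it afterwards, as strtol-style callers usually do, would read an indeterminate pointer, and the returned 0 cannot be told apart from a parsed zero. Setting the end pointer before returning, `if (t) *t = (char *)s;`, would report the failure as "nothing consumed". The rest of zstrtol is outside the hunk, so check whether `t` may be NULL and how the success path sets it.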