From b86c191af5689229c398ecdc0684f3ccbf8a108d Mon Sep 17 00:00:00 2001
From: Peter Stephenson <pws@users.sourceforge.net>
Date: Wed, 14 May 2008 10:48:26 +0000
Subject: 25025: check radix for integer constants is between 2 and 36
 inclusive

---
 Src/builtin.c | 4 ++++
 Src/math.c    | 4 ++++
 Src/utils.c   | 2 +-
 3 files changed, 9 insertions(+), 1 deletion(-)

(limited to 'Src')

diff --git a/Src/builtin.c b/Src/builtin.c
index f11d5aa51..99eef93aa 100644
--- a/Src/builtin.c
+++ b/Src/builtin.c
@@ -1744,6 +1744,10 @@ typeset_setbase(const char *name, Param pm, Options ops, int on, int always)
 		zwarnnam(name, "bad precision value: %s", arg);
 	    return 1;
 	}
+	if (pm->base < 2 || pm->base > 36) {
+	    zwarnnam(name, "invalid base: %d", pm->base);
+	    return 1;
+	}
     } else if (always)
 	pm->base = 0;
 
diff --git a/Src/math.c b/Src/math.c
index e1cde5f03..3374efddd 100644
--- a/Src/math.c
+++ b/Src/math.c
@@ -460,6 +460,10 @@ zzlex(void)
 		}
 		if(*ptr != ']')
 			goto bofs;
+		if (outputradix < 2 || outputradix > 36) {
+		    zerr("invalid base: %d", outputradix);
+		    return EOI;
+		}
 		ptr++;
 		break;
 	    }
diff --git a/Src/utils.c b/Src/utils.c
index d3319f0a9..4992680fe 100644
--- a/Src/utils.c
+++ b/Src/utils.c
@@ -1834,7 +1834,7 @@ zstrtol(const char *s, char **t, int base)
 	    base = 8;
     }
     inp = s;
-    if (base > 36) {
+    if (base < 2 || base > 36) {
 	zerr("invalid base: %d", base);
 	return (zlong)0;
     } else if (base <= 10)
-- 
cgit 1.4.1