From 38622da97fb6fcb2d43d5676ac75cb5ac7896359 Mon Sep 17 00:00:00 2001
From: lutianxiong <lutianxiong@huawei.com>
Date: Tue, 16 Jun 2020 11:15:10 +0800
Subject: [PATCH] Fix int64 overflow check

Overflow check "(value >> 32)  * 10  < INT32_MAX" may not work in
certain conditions, e.g. value is 0xcccccccdbcdc9cc

Note: This fixes oss-fuzz bug 16117.
---
 libclamav/htmlnorm.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libclamav/htmlnorm.c b/libclamav/htmlnorm.c
index d0be15b..4ac4948 100644
--- a/libclamav/htmlnorm.c
+++ b/libclamav/htmlnorm.c
@@ -1459,9 +1459,9 @@ static int cli_html_normalise(int fd, m_area_t *m_area, const char *dirname, tag
 					next_state = HTML_BAD_STATE;
 					ptr++;
 				} else if (isdigit(*ptr) || (hex && isxdigit(*ptr))) {
-                        if (hex && (value >> 32) * 16 < INT32_MAX) {
+                        if (hex && value < INT64_MAX / 16) {
 						value *= 16;
-                        } else if ((value >> 32) * 10 < INT32_MAX) {
+                        } else if (value < INT64_MAX / 10) {
 						value *= 10;
                         } else {
                             html_output_c(file_buff_o2, value);
@@ -1727,7 +1727,7 @@ static int cli_html_normalise(int fd, m_area_t *m_area, const char *dirname, tag
 				state = HTML_RFC2397_DATA;
 				break;
 			case HTML_ESCAPE_CHAR:
-                    if ((value >> 32) * 16 < INT32_MAX) {
+                    if (value < INT64_MAX / 16) {
 				value *= 16;
                     } else {
                         state = next_state;
-- 
2.23.0