picnoir/glibc
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

regexec.c: avoid arithmetic overflow in buffer size calculation

Browse source
This commit is contained in:
Paul Eggert 2010-01-22 10:52:38 -08:00 committed by Ulrich Drepper
parent d044d844dd
commit daa8454919
2 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
ChangeLog
View file

@ -1,5 +1,9 @@
2010-01-22 Jim Meyering <jim@meyering.net>
[BZ #11188]
* posix/regexec.c (build_trtable): Avoid arithmetic overflow
in size calculation.
[BZ #11187]
* posix/regexec.c (re_search_2_stub): Use simpler method than
boolean for freeing internal storage.

7
posix/regexec.c
View file

@ -3359,6 +3359,13 @@ build_trtable (const re_dfa_t *dfa, re_dfastate_t *state)
if (BE (err != REG_NOERROR, 0))
goto out_free;
/* Avoid arithmetic overflow in size calculation. */
if (BE ((((SIZE_MAX - (sizeof (re_node_set) + sizeof (bitset_t)) * SBC_MAX)
/ (3 * sizeof (re_dfastate_t *)))
< ndests),
0))
goto out_free;
if (__libc_use_alloca ((sizeof (re_node_set) + sizeof (bitset_t)) * SBC_MAX
+ ndests * 3 * sizeof (re_dfastate_t *)))
dest_states = (re_dfastate_t **)