diff options
author | Ulrich Drepper <drepper@redhat.com> | 2010-01-22 09:48:35 -0800 |
---|---|---|
committer | Ulrich Drepper <drepper@redhat.com> | 2010-01-22 09:48:35 -0800 |
commit | 22364644882b6cf426ed13be5b6480c3a9210eb1 (patch) | |
tree | 57908032218d730f63226bbc1c87d5969d455bf4 | |
parent | 54dd0ab31fe2b2168ba1a6180a0c05941fb54b3c (diff) | |
download | glibc-22364644882b6cf426ed13be5b6480c3a9210eb1.tar.gz glibc-22364644882b6cf426ed13be5b6480c3a9210eb1.tar.xz glibc-22364644882b6cf426ed13be5b6480c3a9210eb1.zip |
Extend overflow detection in re_dfa_add_node.
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | posix/regex_internal.c | 7 |
2 files changed, 10 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog index 7afc90cde6..98c36d5012 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,10 @@ 2010-01-22 Jim Meyering <jim@meyering.net> + [BZ #11184] + * posix/regex_internal.c (re_dfa_add_node): Extend the overflow + detection test. Patch by Paul Eggert. + + [BZ #11183] * posix/regex_internal.c (re_string_realloc_buffers): Detect and handle internal overflow. Patch by Paul Eggert diff --git a/posix/regex_internal.c b/posix/regex_internal.c index 690ed8d8b7..67c174a824 100644 --- a/posix/regex_internal.c +++ b/posix/regex_internal.c @@ -1411,8 +1411,11 @@ re_dfa_add_node (re_dfa_t *dfa, re_token_t token) re_node_set *new_edests, *new_eclosures; re_token_t *new_nodes; - /* Avoid overflows. */ - if (BE (new_nodes_alloc < dfa->nodes_alloc, 0)) + /* Avoid overflows in realloc. */ + const size_t max_object_size = MAX (sizeof (re_token_t), + MAX (sizeof (re_node_set), + sizeof (int))); + if (BE (SIZE_MAX / max_object_size < new_nodes_alloc, 0)) return -1; new_nodes = re_realloc (dfa->nodes, re_token_t, new_nodes_alloc); |