diff options
author | Rich Felker <dalias@aerifal.cx> | 2016-10-06 18:34:58 -0400 |
---|---|---|
committer | Rich Felker <dalias@aerifal.cx> | 2016-10-06 18:47:53 -0400 |
commit | c3edc06d1e1360f3570db9155d6b318ae0d0f0f7 (patch) | |
tree | e1064c892c9e2d2cbbcbce7ea22bc0967701ae46 /src/internal/shgetc.h | |
parent | 583ea83541dcc6481c7a1bd1a9b485526bad84a1 (diff) | |
download | musl-c3edc06d1e1360f3570db9155d6b318ae0d0f0f7.tar.gz musl-c3edc06d1e1360f3570db9155d6b318ae0d0f0f7.tar.xz musl-c3edc06d1e1360f3570db9155d6b318ae0d0f0f7.zip |
fix missing integer overflow checks in regexec buffer size computations
most of the possible overflows were already ruled out in practice by regcomp having already succeeded performing larger allocations. however at least the num_states*num_tags multiplication can clearly overflow in practice. for safety, check them all, and use the proper type, size_t, rather than int. also improve comments, use calloc in place of malloc+memset, and remove bogus casts.
Diffstat (limited to 'src/internal/shgetc.h')
0 files changed, 0 insertions, 0 deletions