]> git.ipfire.org Git - thirdparty/glibc.git/commitdiff
projects / thirdparty / glibc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5238213)
Extend overflow detection in re_dfa_add_node.
authorUlrich Drepper <drepper@redhat.com>
Fri, 22 Jan 2010 17:48:35 +0000 (09:48 -0800)
committerPetr Baudis <pasky@ucw.cz>
Tue, 11 May 2010 23:35:30 +0000 (01:35 +0200)
(cherry picked from commit 22364644882b6cf426ed13be5b6480c3a9210eb1)

ChangeLog patch | blob | blame | history
posix/regex_internal.c patch | blob | blame | history

diff --git a/ChangeLog b/ChangeLog
index 7bd7e8b44a84cd20a966246b95869271de711039..4f777321f1c4eea212626cf4cf5da86d3c90c8be 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
 2010-01-22  Jim Meyering  <jim@meyering.net>
 
+       [BZ #11184]
+       * posix/regex_internal.c (re_dfa_add_node): Extend the overflow
+       detection test.  Patch by Paul Eggert.
+
+       [BZ #11183]
        * posix/regex_internal.c (re_string_realloc_buffers):
        Detect and handle internal overflow.  Patch by Paul Eggert
 
diff --git a/posix/regex_internal.c b/posix/regex_internal.c
index fec3123054db3327001c303280a9a50766b0510b..09cffcf0d7b195117318f1da76a5e1e8d6982ece 100644 (file)
--- a/posix/regex_internal.c
+++ b/posix/regex_internal.c
@@ -1411,8 +1411,11 @@ re_dfa_add_node (re_dfa_t *dfa, re_token_t token)
       re_node_set *new_edests, *new_eclosures;
       re_token_t *new_nodes;
 
-      /* Avoid overflows.  */
-      if (BE (new_nodes_alloc < dfa->nodes_alloc, 0))
+      /* Avoid overflows in realloc.  */
+      const size_t max_object_size = MAX (sizeof (re_token_t),
+                                         MAX (sizeof (re_node_set),
+                                              sizeof (int)));
+      if (BE (SIZE_MAX / max_object_size < new_nodes_alloc, 0))
        return -1;
 
       new_nodes = re_realloc (dfa->nodes, re_token_t, new_nodes_alloc);
A mirror of the official glibc repository