AuroraMiddleware/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2024-11-10 07:10:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

regex: avoid internal re_realloc overflow

Browse Source
This commit is contained in:
Ulrich Drepper 2010-01-22 09:33:01 -08:00
parent e3b7670be2
commit 54dd0ab31f
2 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog
View File

@ -1,3 +1,8 @@
2010-01-22 Jim Meyering <jim@meyering.net>
* posix/regex_internal.c (re_string_realloc_buffers):
Detect and handle internal overflow. Patch by Paul Eggert
2010-01-20 Andreas Schwab <schwab@redhat.com>
* sysdeps/unix/sysv/linux/s390/s390-32/____longjmp_chk.c

9
posix/regex_internal.c
View File

@ -133,7 +133,14 @@ re_string_realloc_buffers (re_string_t *pstr, int new_buf_len)
#ifdef RE_ENABLE_I18N
if (pstr->mb_cur_max > 1)
{
wint_t *new_wcs = re_realloc (pstr->wcs, wint_t, new_buf_len);
wint_t *new_wcs;
/* Avoid overflow in realloc. */
const size_t max_object_size = MAX (sizeof (wint_t), sizeof (int));
if (BE (SIZE_MAX / max_object_size < new_buf_len, 0))
return REG_ESPACE;
new_wcs = re_realloc (pstr->wcs, wint_t, new_buf_len);
if (BE (new_wcs == NULL, 0))
return REG_ESPACE;
pstr->wcs = new_wcs;