Fix memory allocation size overflows (PR69687, patch by Marcel Böhme)
PR c++/69687 * cplus-dem.c: Include <limits.h> if available. (INT_MAX): Define if necessary. (remember_type, remember_Ktype, register_Btype, string_need): Abort if we detect cases where we the size of the allocation would overflow. From-SVN: r234829
This commit is contained in:
parent
59dad006fa
commit
bdf66f7734
|
@ -1,5 +1,12 @@
|
|||
2016-04-08 Marcel Böhme <boehme.marcel@gmail.com>
|
||||
|
||||
PR c++/69687
|
||||
* cplus-dem.c: Include <limits.h> if available.
|
||||
(INT_MAX): Define if necessary.
|
||||
(remember_type, remember_Ktype, register_Btype, string_need):
|
||||
Abort if we detect cases where we the size of the allocation would
|
||||
overflow.
|
||||
|
||||
PR c++/70498
|
||||
* cplus-dem.c (gnu_special): Handle case where consume_count returns
|
||||
-1.
|
||||
|
|
|
@ -56,6 +56,13 @@ void * malloc ();
|
|||
void * realloc ();
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_LIMITS_H
|
||||
#include <limits.h>
|
||||
#endif
|
||||
#ifndef INT_MAX
|
||||
# define INT_MAX (int)(((unsigned int) ~0) >> 1) /* 0x7FFFFFFF */
|
||||
#endif
|
||||
|
||||
#include <demangle.h>
|
||||
#undef CURRENT_DEMANGLING_STYLE
|
||||
#define CURRENT_DEMANGLING_STYLE work->options
|
||||
|
@ -4261,6 +4268,8 @@ remember_type (struct work_stuff *work, const char *start, int len)
|
|||
}
|
||||
else
|
||||
{
|
||||
if (work -> typevec_size > INT_MAX / 2)
|
||||
xmalloc_failed (INT_MAX);
|
||||
work -> typevec_size *= 2;
|
||||
work -> typevec
|
||||
= XRESIZEVEC (char *, work->typevec, work->typevec_size);
|
||||
|
@ -4288,6 +4297,8 @@ remember_Ktype (struct work_stuff *work, const char *start, int len)
|
|||
}
|
||||
else
|
||||
{
|
||||
if (work -> ksize > INT_MAX / 2)
|
||||
xmalloc_failed (INT_MAX);
|
||||
work -> ksize *= 2;
|
||||
work -> ktypevec
|
||||
= XRESIZEVEC (char *, work->ktypevec, work->ksize);
|
||||
|
@ -4317,6 +4328,8 @@ register_Btype (struct work_stuff *work)
|
|||
}
|
||||
else
|
||||
{
|
||||
if (work -> bsize > INT_MAX / 2)
|
||||
xmalloc_failed (INT_MAX);
|
||||
work -> bsize *= 2;
|
||||
work -> btypevec
|
||||
= XRESIZEVEC (char *, work->btypevec, work->bsize);
|
||||
|
@ -4771,6 +4784,8 @@ string_need (string *s, int n)
|
|||
else if (s->e - s->p < n)
|
||||
{
|
||||
tem = s->p - s->b;
|
||||
if (n > INT_MAX / 2 - tem)
|
||||
xmalloc_failed (INT_MAX);
|
||||
n += tem;
|
||||
n *= 2;
|
||||
s->b = XRESIZEVEC (char, s->b, n);
|
||||
|
|
Loading…
Reference in New Issue