OpenE2K
/
glibc
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

regexec.c: avoid overflow in realloc buffer length computation

This commit is contained in:
Paul Eggert 2010-01-22 12:41:12 -08:00 committed by Ulrich Drepper
parent 74bc9f14db
commit aef699dce1
2 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -1,5 +1,9 @@
2010-01-22 Jim Meyering <jim@meyering.net>
[BZ #11193]
* posix/regexec.c (extend_buffers): Avoid overflow in realloc
buffer length computation.
[BZ #11192]
* posix/regexec.c (re_copy_regs): Don't leak when allocation
of the start buffer succeeds but allocation of the "end" one fails.

4
posix/regexec.c
View File

@ -4104,6 +4104,10 @@ extend_buffers (re_match_context_t *mctx)
reg_errcode_t ret;
re_string_t *pstr = &mctx->input;
/* Avoid overflow. */
if (BE (INT_MAX / 2 / sizeof (re_dfastate_t *) <= pstr->bufs_len, 0))
return REG_ESPACE;
/* Double the lengthes of the buffers. */
ret = re_string_realloc_buffers (pstr, pstr->bufs_len * 2);
if (BE (ret != REG_NOERROR, 0))