diff options
author | Ulrich Drepper <drepper@redhat.com> | 2010-01-22 09:48:35 -0800 |
---|---|---|
committer | Petr Baudis <pasky@ucw.cz> | 2010-05-12 01:35:30 +0200 |
commit | ea8e535ed1178b121e3ad5a5b2ebfd24a3bcf27b (patch) | |
tree | 4060f300511a536ef92e96b807d325061ad9c77b /posix/regex_internal.c | |
parent | 5238213a22c9e64eff78e1eda1763c6c4bf52bcd (diff) |
Extend overflow detection in re_dfa_add_node.
(cherry picked from commit 22364644882b6cf426ed13be5b6480c3a9210eb1)
Diffstat (limited to 'posix/regex_internal.c')
-rw-r--r-- | posix/regex_internal.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/posix/regex_internal.c b/posix/regex_internal.c index fec3123054..09cffcf0d7 100644 --- a/posix/regex_internal.c +++ b/posix/regex_internal.c @@ -1411,8 +1411,11 @@ re_dfa_add_node (re_dfa_t *dfa, re_token_t token) re_node_set *new_edests, *new_eclosures; re_token_t *new_nodes; - /* Avoid overflows. */ - if (BE (new_nodes_alloc < dfa->nodes_alloc, 0)) + /* Avoid overflows in realloc. */ + const size_t max_object_size = MAX (sizeof (re_token_t), + MAX (sizeof (re_node_set), + sizeof (int))); + if (BE (SIZE_MAX / max_object_size < new_nodes_alloc, 0)) return -1; new_nodes = re_realloc (dfa->nodes, re_token_t, new_nodes_alloc); |