From 22364644882b6cf426ed13be5b6480c3a9210eb1 Mon Sep 17 00:00:00 2001
From: Ulrich Drepper
Date: Fri, 22 Jan 2010 09:48:35 -0800
Subject: Extend overflow detection in re_dfa_add_node.
---
 posix/regex_internal.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
(limited to 'posix/regex_internal.c')
diff --git a/posix/regex_internal.c b/posix/regex_internal.c
index 690ed8d8b7..67c174a824 100644
--- a/posix/regex_internal.c
+++ b/posix/regex_internal.c
@@ -1411,8 +1411,11 @@ re_dfa_add_node (re_dfa_t *dfa, re_token_t token)
 re_node_set *new_edests, *new_eclosures;
 re_token_t *new_nodes;
- /* Avoid overflows. */
- if (BE (new_nodes_alloc < dfa->nodes_alloc, 0))
+ /* Avoid overflows in realloc. */
+ const size_t max_object_size = MAX (sizeof (re_token_t),
+ MAX (sizeof (re_node_set),
+ sizeof (int)));
+ if (BE (SIZE_MAX / max_object_size < new_nodes_alloc, 0))
 return -1;
 new_nodes = re_realloc (dfa->nodes, re_token_t, new_nodes_alloc);
--
cgit v1.2.3
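Review bot: The new size guard replaces the old `new_nodes_alloc < dfa->nodes_alloc` wraparound test instead of supplementing it, so it is only sufficient if the computation of `new_nodes_alloc` (outside this hunk, presumably a doubling of `dfa->nodes_alloc`) can never wrap to a small value that passes the division check. That appears to hold as long as every earlier value of `nodes_alloc` went through the same bound, but the initial allocation is not visible here and should be confirmed. I would state the invariant in the comment, e.g. `/* Avoid overflows in realloc: new_nodes_alloc elements of the largest array element type must fit in size_t; relies on nodes_alloc having been bounded the same way. */`. It is also worth noting next to `max_object_size` that it must cover the element type of every array resized with `new_nodes_alloc` below, so an array added later with a larger element does not silently escape the check. The body of re_dfa_add_node starts and ends outside the hunk.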