regexec.c: avoid overflow in computing sum of lengths
This commit is contained in:
parent
eadc09f22c
commit
42a2c9b5c3
@ -1,5 +1,9 @@
|
||||
2010-01-22 Jim Meyering <jim@meyering.net>
|
||||
|
||||
[BZ #11191]
|
||||
* posix/regexec.c (re_search_2_stub): Check for overflow
|
||||
when adding the sizes of the two strings.
|
||||
|
||||
[BZ #11190]
|
||||
* posix/regexec.c (re_search_internal): Avoid overflow
|
||||
in computing re_malloc buffer size.
|
||||
|
@ -370,7 +370,7 @@ re_search_2_stub (bufp, string1, length1, string2, length2, start, range, regs,
|
||||
int len = length1 + length2;
|
||||
char *s = NULL;
|
||||
|
||||
if (BE (length1 < 0 || length2 < 0 || stop < 0, 0))
|
||||
if (BE (length1 < 0 || length2 < 0 || stop < 0 || len < length1, 0))
|
||||
return -2;
|
||||
|
||||
/* Concatenate the strings. */
|
||||
|
Loading…
x
Reference in New Issue
Block a user