diff options
| author |   doug <doug@openbsd.org> | 2014-10-11 04:23:12 +0000 |
|---|---|---|
| committer | doug <doug@openbsd.org> | 2014-10-11 04:23:12 +0000 |
| commit | e786dc0ae295ff293d5ed437b4c2790f18109cf5 (patch) | |
| tree | 877cf1b8fad93142a34b12451a90e7954c24cf08 /lib/libc/regex/regexec.c | |
| parent | Userland reallocarray() audit. (diff) | |
| download | wireguard-openbsd-e786dc0ae295ff293d5ed437b4c2790f18109cf5.tar.xz wireguard-openbsd-e786dc0ae295ff293d5ed437b4c2790f18109cf5.zip | |
Userland reallocarray() audit.
Avoid potential integer overflow in the size argument of malloc() and
realloc() by using reallocarray() to avoid unchecked multiplication.
ok deraadt@
Diffstat (limited to 'lib/libc/regex/regexec.c')
| -rw-r--r-- | lib/libc/regex/regexec.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/libc/regex/regexec.c b/lib/libc/regex/regexec.c index 5e986f34c3c..ed6a4b8d62b 100644 --- a/lib/libc/regex/regexec.c +++ b/lib/libc/regex/regexec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: regexec.c,v 1.12 2013/04/17 17:39:29 tedu Exp $ */ +/* $OpenBSD: regexec.c,v 1.13 2014/10/11 04:23:12 doug Exp $ */ /*- * Copyright (c) 1992, 1993, 1994 Henry Spencer. * Copyright (c) 1992, 1993, 1994 @@ -109,7 +109,8 @@ #define ASSIGN(d, s) memcpy(d, s, m->g->nstates) #define EQ(a, b) (memcmp(a, b, m->g->nstates) == 0) #define STATEVARS long vn; char *space -#define STATESETUP(m, nv) { (m)->space = malloc((nv)*(m)->g->nstates); \ +#define STATESETUP(m, nv) { (m)->space = reallocarray(NULL, \ + (m)->g->nstates, (nv)); \ if ((m)->space == NULL) return(REG_ESPACE); \ (m)->vn = 0; } #define STATETEARDOWN(m) { free((m)->space); } |