diff options
| author |   tedu <tedu@openbsd.org> | 2003-11-07 02:58:23 +0000 |
|---|---|---|
| committer | tedu <tedu@openbsd.org> | 2003-11-07 02:58:23 +0000 |
| commit | 8efcebac1c690636b68c3283e84437b6652e5280 (patch) | |
| tree | bb4df477622315c5be4cd5780e3a8064763ee12c /usr.bin | |
| parent | Do not use a reserved PTE bit as the wired bit, this can bite you. (diff) | |
| download | wireguard-openbsd-8efcebac1c690636b68c3283e84437b6652e5280.tar.xz wireguard-openbsd-8efcebac1c690636b68c3283e84437b6652e5280.zip | |
prevent overflow, see freebsd r1.32. also, do nicer reallocs.
ok millert@ otto@
Diffstat (limited to 'usr.bin')
| -rw-r--r-- | usr.bin/sed/process.c | 22 |
1 files changed, 13 insertions, 9 deletions
diff --git a/usr.bin/sed/process.c b/usr.bin/sed/process.c index 622eb502883..9aa2da86c80 100644 --- a/usr.bin/sed/process.c +++ b/usr.bin/sed/process.c @@ -1,4 +1,4 @@ -/* $OpenBSD: process.c,v 1.11 2003/06/10 22:20:51 deraadt Exp $ */ +/* $OpenBSD: process.c,v 1.12 2003/11/07 02:58:23 tedu Exp $ */ /*- * Copyright (c) 1992 Diomidis Spinellis. @@ -35,7 +35,7 @@ #ifndef lint /* from: static char sccsid[] = "@(#)process.c 8.1 (Berkeley) 6/6/93"; */ -static char *rcsid = "$OpenBSD: process.c,v 1.11 2003/06/10 22:20:51 deraadt Exp $"; +static char *rcsid = "$OpenBSD: process.c,v 1.12 2003/11/07 02:58:23 tedu Exp $"; #endif /* not lint */ #include <sys/types.h> @@ -106,10 +106,12 @@ redirect: cp = cp->u.c; goto redirect; case 'a': - if (appendx >= appendnum) + if (appendx >= appendnum) { appends = xrealloc(appends, sizeof(struct s_appends) * - (appendnum *= 2)); + (appendnum * 2)); + appendnum *= 2; + } appends[appendx].type = AP_STRING; appends[appendx].s = cp->t; appends[appendx].len = strlen(cp->t); @@ -537,9 +539,10 @@ regsub(SPACE *sp, char *string, char *src) char c, *dst; #define NEEDSP(reqlen) \ - if (sp->len >= sp->blen - (reqlen) - 1) { \ - sp->blen += (reqlen) + 1024; \ - sp->space = sp->back = xrealloc(sp->back, sp->blen); \ + if (sp->len + (reqlen) + 1 >= sp->blen) { \ + size_t newlen = sp->blen + (reqlen) + 1024; \ + sp->space = sp->back = xrealloc(sp->back, newlen); \ + sp->blen = newlen; \ dst = sp->space + sp->len; \ } @@ -582,8 +585,9 @@ cspace(SPACE *sp, char *p, size_t len, enum e_spflag spflag) /* Make sure SPACE has enough memory and ramp up quickly. */ tlen = sp->len + len + 1; if (tlen > sp->blen) { - sp->blen = tlen + 1024; - sp->space = sp->back = xrealloc(sp->back, sp->blen); + size_t newlen = tlen + 1024; + sp->space = sp->back = xrealloc(sp->back, newlen); + sp->blen = newlen; } if (spflag == REPLACE) |