2010-01-22 Jim Meyering <jim@meyering.net>
+ [BZ #11184]
+ * posix/regex_internal.c (re_dfa_add_node): Extend the overflow
+ detection test. Patch by Paul Eggert.
+
+ [BZ #11183]
* posix/regex_internal.c (re_string_realloc_buffers):
Detect and handle internal overflow. Patch by Paul Eggert
re_node_set *new_edests, *new_eclosures;
re_token_t *new_nodes;
- /* Avoid overflows. */
- if (BE (new_nodes_alloc < dfa->nodes_alloc, 0))
+ /* Avoid overflows in realloc. */
+ const size_t max_object_size = MAX (sizeof (re_token_t),
+ MAX (sizeof (re_node_set),
+ sizeof (int)));
+ if (BE (SIZE_MAX / max_object_size < new_nodes_alloc, 0))
return -1;
new_nodes = re_realloc (dfa->nodes, re_token_t, new_nodes_alloc);