Update.

2003-09-24  Paul Eggert  <eggert@twinsun.com>

	* argp/argp-fmtstream.c (__argp_fmtstream_ensure): Check for
	size_t overflow when reallocating storage.
	* argp/argp-help.c (make_hol, hol_append): Likewise.
	(SIZE_MAX): New macro.

diff --git a/ChangeLog b/ChangeLog
index 15bedd0..dbcac80 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2003-09-24  Paul Eggert  <eggert@twinsun.com>
+
+       * argp/argp-fmtstream.c (__argp_fmtstream_ensure): Check for
+       size_t overflow when reallocating storage.
+       * argp/argp-help.c (make_hol, hol_append): Likewise.
+       (SIZE_MAX): New macro.
+
 2003-08-07  Alfred M. Szmidt  <ams@kemisten.nu>
 
        * sysdeps/mach/hurd/bits/libc-lock.h

diff --git a/argp/argp-help.c b/argp/argp-help.c
index 8acc62d..3a2cfb4 100644 (file)
--- a/argp/argp-help.c
+++ b/argp/argp-help.c
@@ -73,6 +73,10 @@ char *alloca ();
 #include "argp.h"
 #include "argp-fmtstream.h"
 #include "argp-namefrob.h"
+
+#ifndef SIZE_MAX
+# define SIZE_MAX ((size_t) -1)
+#endif 
 \f
 /* User-selectable (using an environment variable) formatting parameters.
 
@@ -441,7 +445,8 @@ make_hol (const struct argp *argp, struct hol_cluster *cluster)
       hol->entries = malloc (sizeof (struct hol_entry) * hol->num_entries);
       hol->short_options = malloc (num_short_options + 1);
 
-      assert (hol->entries && hol->short_options);
+      assert (hol->entries && hol->short_options
+             && hol->num_entries <= SIZE_MAX / sizeof (struct hol_entry));
 
       /* Fill in the entries.  */
       so = hol->short_options;
@@ -834,6 +839,9 @@ hol_append (struct hol *hol, struct hol *more)
          char *short_options =
            malloc (hol_so_len + strlen (more->short_options) + 1);
 
+         assert (entries && short_options
+                 && num_entries <= SIZE_MAX / sizeof (struct hol_entry));
+
          __mempcpy (__mempcpy (entries, hol->entries,
                                hol->num_entries * sizeof (struct hol_entry)),
                     more->entries,