From: JinWang An
Date: Wed, 21 Jun 2023 05:09:37 +0000 (+0900)
Subject: [CVE-2012-5667] grep: change some int types.
X-Git-Tag: submit/tizen_6.0_base/20230622.061802^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fheads%2Ftizen_6.0_base;p=product%2Fupstream%2Fgawk.git
[CVE-2012-5667] grep: change some int types.
Change several int variables to size_t, ssize_t, or ptrdiff_t. This should fix the bug described in CVE-2012-5667 when an input line is so long that its length cannot be stored in an int variable. This is based on NetBSD's revision which says: This change to NetBSD's version of GNU grep 2.5.1 (licenced under GPLv2) was made without direct reference to any code licenced under GPLv3.
Obtained from: NetBSD
MFC after: 3 days
Change-Id: Iab3df8be93fa6d6725581410b1183e075002964b
Signed-off-by: JinWang An
---
diff --git a/dfa.c b/dfa.c
index ae170ad..fd0135c 100644
--- a/dfa.c
+++ b/dfa.c
@@ -366,9 +366,9 @@ static int hard_LC_COLLATE; /* Nonzero if LC_COLLATE is hard. */
 #ifdef MBS_SUPPORT
 /* These variables are used only if (MB_CUR_MAX > 1). */
 static mbstate_t mbs; /* Mbstate for mbrlen(). */
-static int cur_mb_len; /* Byte length of the current scanning
+static ssize_t cur_mb_len; /* Byte length of the current scanning
 multibyte character. */
-static int cur_mb_index; /* Byte index of the current scanning multibyte
+static ssize_t cur_mb_index; /* Byte index of the current scanning multibyte
 character. single byte character : cur_mb_index = 0
@@ -401,7 +401,7 @@ static unsigned char const *buf_end; /* reference to end in dfaexec(). */
 /* This function update cur_mb_len, and cur_mb_index. p points current lexptr, len is the remaining buffer length. */
 static void
-update_mb_len_index (unsigned char const *p, int len)
+update_mb_len_index (unsigned char const *p, size_t len)
 {
 /* If last character is a part of a multibyte character, we update cur_mb_index. */
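Review bot: The comments on `cur_mb_len` and `cur_mb_index` do not say why the new type is the signed `ssize_t` rather than `size_t`, which invites a later "cleanup" to an unsigned type. If, as the `mbs` comment suggests, `cur_mb_len` receives the result of `mbrlen()`, that function's `(size_t)-1` and `(size_t)-2` error returns are only distinguishable from a real length by a `< 0` or `< 1` test while the variable is signed; once the assignment sites (outside this hunk) confirm it, I would add `/* Signed on purpose: holds mbrlen()'s result, whose error values must compare below zero. */`. `ssize_t` is also POSIX rather than ISO C, so it is worth checking that every configuration that defines `MBS_SUPPORT` has `<sys/types.h>` included before this point.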
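Review bot: With `len` now `size_t` in `update_mb_len_index`, a caller that still computes the remaining length as an `int` or as a pointer difference has any negative result silently converted to a very large byte count, where the old `int` parameter kept it negative. The call sites and the function body are outside this hunk, so each caller needs checking that the value it passes is already known to be non-negative and within the buffer that ends at `buf_end`. The header comment should carry that contract, for example `len is the number of bytes remaining at p; callers must not pass a negative difference.`, and should say whether 0 is allowed.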
@@ -2554,7 +2554,7 @@ match_mb_charset (struct dfa *d, int s, position pos, int index)
 int match; /* Flag which represent that matching succeed. */
 int match_len; /* Length of the character (or collating element) with which this operator match. */
- int op_len; /* Length of the operator. */
+ size_t op_len; /* Length of the operator. */
 char buffer[128];
 wchar_t wcbuf[6];
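Review bot: `op_len` is now `size_t` while `match_len` on the line above stays `int`, so any `match_len = op_len` assignment narrows and any comparison between the two is carried out unsigned. The body of `match_mb_charset` is outside this hunk; if it does assign or compare them, either widen `match_len` too or make the narrowing explicit with a range check before the assignment. Widening the type also does not bound the value: if `op_len` is used as a copy length or index for `char buffer[128]`, a guard such as `if (op_len >= sizeof buffer)` that rejects the operand belongs before that use.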