diff options
author | Rich Felker <dalias@aerifal.cx> | 2016-10-06 18:34:58 -0400 |
---|---|---|
committer | Rich Felker <dalias@aerifal.cx> | 2016-10-06 18:47:53 -0400 |
commit | c3edc06d1e1360f3570db9155d6b318ae0d0f0f7 (patch) | |
tree | e1064c892c9e2d2cbbcbce7ea22bc0967701ae46 /src/mman/madvise.c | |
parent | 583ea83541dcc6481c7a1bd1a9b485526bad84a1 (diff) | |
download | musl-c3edc06d1e1360f3570db9155d6b318ae0d0f0f7.tar.gz musl-c3edc06d1e1360f3570db9155d6b318ae0d0f0f7.tar.bz2 musl-c3edc06d1e1360f3570db9155d6b318ae0d0f0f7.tar.xz musl-c3edc06d1e1360f3570db9155d6b318ae0d0f0f7.zip |
fix missing integer overflow checks in regexec buffer size computations
most of the possible overflows were already ruled out in practice by
regcomp having already succeeded performing larger allocations.
however at least the num_states*num_tags multiplication can clearly
overflow in practice. for safety, check them all, and use the proper
type, size_t, rather than int.
also improve comments, use calloc in place of malloc+memset, and
remove bogus casts.
Diffstat (limited to 'src/mman/madvise.c')
0 files changed, 0 insertions, 0 deletions