diff options
author | pfg <pfg@FreeBSD.org> | 2013-05-20 03:15:25 +0000 |
---|---|---|
committer | pfg <pfg@FreeBSD.org> | 2013-05-20 03:15:25 +0000 |
commit | a054c02d31fb838c7253c97946fd2ec0d8a0861e (patch) | |
tree | b963ba6ea557123e5eb06e0f4d5f0afe40ff3c50 /gnu/usr.bin/grep/dfa.c | |
parent | b3c31e12543c73dcf27340c2dd11d771db4b616a (diff) | |
download | FreeBSD-src-a054c02d31fb838c7253c97946fd2ec0d8a0861e.zip FreeBSD-src-a054c02d31fb838c7253c97946fd2ec0d8a0861e.tar.gz |
grep: change some int types.
Change several int variables to size_t, ssize_t, or ptrdiff_t.
This should fix the bug described in CVE-2012-5667 when an input
line is so long that its length cannot be stored in an int
variable.
This is based on NetBSD's revision which says:
This change to NetBSD's version of GNU grep 2.5.1 (licenced under
GPLv2) was made without direct reference to any code licenced
under GPLv3.
Obtained from: NetBSD
MFC after: 3 days
Diffstat (limited to 'gnu/usr.bin/grep/dfa.c')
-rw-r--r-- | gnu/usr.bin/grep/dfa.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/gnu/usr.bin/grep/dfa.c b/gnu/usr.bin/grep/dfa.c index 920d139..faf4f0b 100644 --- a/gnu/usr.bin/grep/dfa.c +++ b/gnu/usr.bin/grep/dfa.c @@ -334,9 +334,10 @@ static int hard_LC_COLLATE; /* Nonzero if LC_COLLATE is hard. */ #ifdef MBS_SUPPORT /* These variables are used only if (MB_CUR_MAX > 1). */ static mbstate_t mbs; /* Mbstate for mbrlen(). */ -static int cur_mb_len; /* Byte length of the current scanning - multibyte character. */ -static int cur_mb_index; /* Byte index of the current scanning multibyte +static ssize_t cur_mb_len; /* Byte length of the current scanning + multibyte character. Must also handle + negative result from mbrlen(). */ +static ssize_t cur_mb_index; /* Byte index of the current scanning multibyte character. singlebyte character : cur_mb_index = 0 @@ -369,7 +370,7 @@ static unsigned char const *buf_end; /* refference to end in dfaexec(). */ /* This function update cur_mb_len, and cur_mb_index. p points current lexptr, len is the remaining buffer length. */ static void -update_mb_len_index (unsigned char const *p, int len) +update_mb_len_index (unsigned char const *p, size_t len) { /* If last character is a part of a multibyte character, we update cur_mb_index. */ @@ -2463,7 +2464,7 @@ match_mb_charset (struct dfa *d, int s, position pos, int index) int match; /* Flag which represent that matching succeed. */ int match_len; /* Length of the character (or collating element) with which this operator match. */ - int op_len; /* Length of the operator. */ + size_t op_len; /* Length of the operator. */ char buffer[128]; wchar_t wcbuf[6]; |