authorTed Unangst <tedu@cvs.openbsd.org>2003-11-07 02:58:24 +0000
committerTed Unangst <tedu@cvs.openbsd.org>2003-11-07 02:58:24 +0000
commit573b3659e73295a82a68d1d4547243ff9094b3f2 (patch)
tree9ffb830ab48d71373eb9a0c8b63ed72a1c492b11
parent012b0c83229277a1e6b6e0468bcdf2f959555c5c (diff)
prevent overflow, see freebsd r1.32. also, do nicer reallocs.
ok millert@ otto@
-rw-r--r--usr.bin/sed/process.c22
1 files changed, 13 insertions, 9 deletions
diff --git a/usr.bin/sed/process.c b/usr.bin/sed/process.c
index 622eb502883..9aa2da86c80 100644
--- a/usr.bin/sed/process.c
+++ b/usr.bin/sed/process.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: process.c,v 1.11 2003/06/10 22:20:51 deraadt Exp $ */
+/* $OpenBSD: process.c,v 1.12 2003/11/07 02:58:23 tedu Exp $ */
/*-
* Copyright (c) 1992 Diomidis Spinellis.
@@ -35,7 +35,7 @@
#ifndef lint
/* from: static char sccsid[] = "@(#)process.c 8.1 (Berkeley) 6/6/93"; */
-static char *rcsid = "$OpenBSD: process.c,v 1.11 2003/06/10 22:20:51 deraadt Exp $";
+static char *rcsid = "$OpenBSD: process.c,v 1.12 2003/11/07 02:58:23 tedu Exp $";
#endif /* not lint */
#include <sys/types.h>
@@ -106,10 +106,12 @@ redirect:
cp = cp->u.c;
goto redirect;
case 'a':
- if (appendx >= appendnum)
+ if (appendx >= appendnum) {
appends = xrealloc(appends,
sizeof(struct s_appends) *
- (appendnum *= 2));
+ (appendnum * 2));
+ appendnum *= 2;
+ }
appends[appendx].type = AP_STRING;
appends[appendx].s = cp->t;
appends[appendx].len = strlen(cp->t);
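Review bot: The size expression `sizeof(struct s_appends) * (appendnum * 2)` in the `case 'a':` branch is still computed without an overflow check. The declaration of `appendnum` is outside this hunk; if it is a signed int the doubling itself can overflow, and in either case a wrapped product would give xrealloc a too-small size, after which `appends[appendx]` is written past the allocation. A guard before the call, such as `if (appendnum > SIZE_MAX / (2 * sizeof(struct s_appends)))` followed by the file's usual fatal-error path, would close this. The enclosing switch and function start and end outside the hunk.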
@@ -537,9 +539,10 @@ regsub(SPACE *sp, char *string, char *src)
char c, *dst;
#define NEEDSP(reqlen) \
- if (sp->len >= sp->blen - (reqlen) - 1) { \
- sp->blen += (reqlen) + 1024; \
- sp->space = sp->back = xrealloc(sp->back, sp->blen); \
+ if (sp->len + (reqlen) + 1 >= sp->blen) { \
+ size_t newlen = sp->blen + (reqlen) + 1024; \
+ sp->space = sp->back = xrealloc(sp->back, newlen); \
+ sp->blen = newlen; \
dst = sp->space + sp->len; \
}
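Review bot: The sums `sp->len + (reqlen) + 1` and `sp->blen + (reqlen) + 1024` in NEEDSP are unchecked, so a very large `reqlen` could in principle wrap them and leave `newlen` smaller than the data later written at `dst`. The field types are declared outside the diff, so this assumes they are `size_t` like `newlen`. A range check ahead of the addition, e.g. `if ((reqlen) > SIZE_MAX - sp->blen - 1024)` leading to the fatal-error path, would cover it, and the same applies to `tlen = sp->len + len + 1` and `tlen + 1024` in the cspace hunk. It is also worth a comment on the macro recording why the test is written as an addition: `/* add, don't subtract: blen - reqlen - 1 underflows when reqlen >= blen */`. The macro is defined inside regsub, whose body continues outside the hunk.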
@@ -582,8 +585,9 @@ cspace(SPACE *sp, char *p, size_t len, enum e_spflag spflag)
/* Make sure SPACE has enough memory and ramp up quickly. */
tlen = sp->len + len + 1;
if (tlen > sp->blen) {
- sp->blen = tlen + 1024;
- sp->space = sp->back = xrealloc(sp->back, sp->blen);
+ size_t newlen = tlen + 1024;
+ sp->space = sp->back = xrealloc(sp->back, newlen);
+ sp->blen = newlen;
}
if (spflag == REPLACE)