diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2007-09-03 21:14:59 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2007-09-03 21:14:59 +0000 |
| commit | 23d7a4715659bf714e06d6388b18d4017068305b (patch) | |
| tree | 96e68dd1f3c8ba3d1af59c7a3f220c82097bf86e | |
| parent | 21416088bcf1139b1c54f549e4a0057acf65f725 (diff) | |
move back to using malloc() instead of calloc(), because the yacc
skeleton really should only call malloc/realloc/free, no other external
APIs at all. theefore, add a pre-check for the overflow case, thus
protecting realloc too; tested mblamer, ok millert, help from kettenis
| -rw-r--r-- | usr.bin/yacc/skeleton.c | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/usr.bin/yacc/skeleton.c b/usr.bin/yacc/skeleton.c index 09e43768924..2b1739f2697 100644 --- a/usr.bin/yacc/skeleton.c +++ b/usr.bin/yacc/skeleton.c @@ -1,4 +1,4 @@ -/* $OpenBSD: skeleton.c,v 1.27 2007/09/02 15:19:36 deraadt Exp $ */ +/* $OpenBSD: skeleton.c,v 1.28 2007/09/03 21:14:58 deraadt Exp $ */ /* $NetBSD: skeleton.c,v 1.10 1996/03/25 00:36:18 mrg Exp $ */ /* @@ -63,7 +63,7 @@ char *banner[] = "#if __GNUC__ >= 2", " __attribute__ ((unused))", "#endif /* __GNUC__ >= 2 */", - " = \"$OpenBSD: skeleton.c,v 1.27 2007/09/02 15:19:36 deraadt Exp $\";", + " = \"$OpenBSD: skeleton.c,v 1.28 2007/09/03 21:14:58 deraadt Exp $\";", "#endif", "#include <stdlib.h>", "#define YYBYACC 1", @@ -164,14 +164,23 @@ char *body[] = " else if ((newsize *= 2) > YYMAXDEPTH)", " newsize = YYMAXDEPTH;", " i = yyssp - yyss;", + "#ifdef SIZE_MAX", + "#define YY_SIZE_MAX SIZE_MAX", + "#else", + "#define YY_SIZE_MAX 0xffffffffU", + "#endif", + " if (newsize && YY_SIZE_MAX / newsize < sizeof *newss)", + " goto bail;", " newss = yyss ? (short *)realloc(yyss, newsize * sizeof *newss) :", - " (short *)calloc(newsize, sizeof *newss);", + " (short *)malloc(newsize * sizeof *newss); /* overflow check above */", " if (newss == NULL)", " goto bail;", " yyss = newss;", " yyssp = newss + i;", + " if (newsize && YY_SIZE_MAX / newsize < sizeof *newvs)", + " goto bail;", " newvs = yyvs ? (YYSTYPE *)realloc(yyvs, newsize * sizeof *newvs) :", - " (YYSTYPE *)calloc(newsize, sizeof *newvs);", + " (YYSTYPE *)malloc(newsize * sizeof *newvs); /* overflow check above */", " if (newvs == NULL)", " goto bail;", " yyvs = newvs;", |