summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTheo de Raadt <deraadt@cvs.openbsd.org>2015-04-13 05:11:24 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2015-04-13 05:11:24 +0000
commit2aa34a240ee8a53a55686ea49b5d8cbd6cb98f4c (patch)
treed8bcaebf8f78d95a6ee92328372b6fc4d0502ed4
parent0939e9dd0de8dea8a55a15a0bf786f2086f57117 (diff)
correct multiplication idiom during xreallocarray, and expand appendnum
to size_t to avoid overflow after allocation success ok guenther doug
-rw-r--r--usr.bin/sed/extern.h4
-rw-r--r--usr.bin/sed/process.c16
2 files changed, 11 insertions, 9 deletions
diff --git a/usr.bin/sed/extern.h b/usr.bin/sed/extern.h
index 2f11a308157..6d2c0324cfd 100644
--- a/usr.bin/sed/extern.h
+++ b/usr.bin/sed/extern.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: extern.h,v 1.8 2015/01/19 15:30:52 krw Exp $ */
+/* $OpenBSD: extern.h,v 1.9 2015/04/13 05:11:23 deraadt Exp $ */
/*-
* Copyright (c) 1992 Diomidis Spinellis.
* Copyright (c) 1992, 1993
@@ -39,7 +39,7 @@ extern struct s_appends *appends;
extern regmatch_t *match;
extern size_t maxnsub;
extern u_long linenum;
-extern int appendnum;
+extern size_t appendnum;
extern int lastline;
extern int Eflag, aflag, eflag, nflag;
extern char *fname;
diff --git a/usr.bin/sed/process.c b/usr.bin/sed/process.c
index dee318952da..12385b844a4 100644
--- a/usr.bin/sed/process.c
+++ b/usr.bin/sed/process.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: process.c,v 1.21 2014/12/12 03:22:35 jsg Exp $ */
+/* $OpenBSD: process.c,v 1.22 2015/04/13 05:11:23 deraadt Exp $ */
/*-
* Copyright (c) 1992 Diomidis Spinellis.
@@ -67,7 +67,7 @@ static int substitute(struct s_command *);
struct s_appends *appends; /* Array of pointers to strings to append. */
static int appendx; /* Index into appends array. */
-int appendnum; /* Size of appends array. */
+size_t appendnum; /* Size of appends array. */
static int lastaddr; /* Set by applies if last address of a range. */
static int sdone; /* If any substitutes since last line input. */
@@ -103,8 +103,8 @@ redirect:
case 'a':
if (appendx >= appendnum) {
appends = xreallocarray(appends,
- appendnum *= 2,
- sizeof(struct s_appends));
+ appendnum,
+ 2 * sizeof(struct s_appends));
appendnum *= 2;
}
appends[appendx].type = AP_STRING;
@@ -196,10 +196,12 @@ redirect:
flush_appends();
exit(0);
case 'r':
- if (appendx >= appendnum)
+ if (appendx >= appendnum) {
appends = xreallocarray(appends,
- appendnum *= 2,
- sizeof(struct s_appends));
+ appendnum,
+ 2 * sizeof(struct s_appends));
+ appendnum *= 2;
+ }
appends[appendx].type = AP_FILE;
appends[appendx].s = cp->t;
appends[appendx].len = strlen(cp->t);