diff --git a/ChangeLog b/ChangeLog index 15bedd0817..dbcac80268 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2003-09-24 Paul Eggert + + * argp/argp-fmtstream.c (__argp_fmtstream_ensure): Check for + size_t overflow when reallocating storage. + * argp/argp-help.c (make_hol, hol_append): Likewise. + (SIZE_MAX): New macro. + 2003-08-07 Alfred M. Szmidt * sysdeps/mach/hurd/bits/libc-lock.h diff --git a/argp/argp-help.c b/argp/argp-help.c index 8acc62d068..3a2cfb4936 100644 --- a/argp/argp-help.c +++ b/argp/argp-help.c @@ -73,6 +73,10 @@ char *alloca (); #include "argp.h" #include "argp-fmtstream.h" #include "argp-namefrob.h" + +#ifndef SIZE_MAX +# define SIZE_MAX ((size_t) -1) +#endif /* User-selectable (using an environment variable) formatting parameters. @@ -441,7 +445,8 @@ make_hol (const struct argp *argp, struct hol_cluster *cluster) hol->entries = malloc (sizeof (struct hol_entry) * hol->num_entries); hol->short_options = malloc (num_short_options + 1); - assert (hol->entries && hol->short_options); + assert (hol->entries && hol->short_options + && hol->num_entries <= SIZE_MAX / sizeof (struct hol_entry)); /* Fill in the entries. */ so = hol->short_options; @@ -834,6 +839,9 @@ hol_append (struct hol *hol, struct hol *more) char *short_options = malloc (hol_so_len + strlen (more->short_options) + 1); + assert (entries && short_options + && num_entries <= SIZE_MAX / sizeof (struct hol_entry)); + __mempcpy (__mempcpy (entries, hol->entries, hol->num_entries * sizeof (struct hol_entry)), more->entries,