$NetBSD: patch-ab,v 1.3 2010/04/20 17:07:28 minskim Exp $
--- dospecial.c.orig 2009-06-23 09:46:14.000000000 +0000
+++ dospecial.c
@@ -334,6 +334,12 @@ predospecial(integer numbytes, Boolean s
static int omega_specials = 0;
if (nextstring + numbytes > maxstring) {
+ if (numbytes < 0
+ || (numbytes > 0 && 2 > INT_MAX / numbytes)
+ || 2 * numbytes > 1000 + 2 * numbytes) {
+ error("! Integer overflow in predospecial");
+ exit(1);
+ }
p = nextstring = mymalloc(1000 + 2 * numbytes) ;
maxstring = nextstring + 2 * numbytes + 700 ;
}
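Review bot: The third clause of the added guard, `2 * numbytes > 1000 + 2 * numbytes`, can only be true after the signed addition has already overflowed, which is undefined behaviour in C, so an optimising compiler may fold it to false and leave sizes just below INT_MAX / 2 unchecked. Testing the bound before doing the arithmetic avoids that: `if (numbytes < 0 || numbytes > (INT_MAX - 1000) / 2) {`. The guard also sits inside the `nextstring + numbytes > maxstring` branch, so a negative numbytes probably never reaches it, since the pointer sum would then fall below maxstring; moving the sign check ahead of that comparison looks safer, though the rest of predospecial is outside the hunk. INT_MAX needs `<limits.h>`, which this patch does not add, and if `integer` is wider than int on some platforms the limit should match that type, so both are worth confirming.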