91 lines
4 KiB
Diff
91 lines
4 KiB
Diff
--- misc/hunspell-1.3.2/src/hunspell/affixmgr.cxx 2010-02-27 12:59:53.000000000 +0100
|
|
+++ misc/build/hunspell-1.3.2/src/hunspell/affixmgr.cxx 2011-05-18 16:29:45.919141893 +0200
|
|
@@ -6,6 +6,8 @@
|
|
#include <stdio.h>
|
|
#include <ctype.h>
|
|
|
|
+#include <limits>
|
|
+
|
|
#include <vector>
|
|
|
|
#include "affixmgr.hxx"
|
|
@@ -4000,7 +4002,10 @@
|
|
case 3: {
|
|
np++;
|
|
numents = atoi(piece);
|
|
- if (numents == 0) {
|
|
+ if ((numents <= 0) ||
|
|
+ ((::std::numeric_limits<size_t>::max()
|
|
+ / sizeof(struct affentry)) < numents))
|
|
+ {
|
|
char * err = pHMgr->encode_flag(aflag);
|
|
if (err) {
|
|
HUNSPELL_WARNING(stderr, "error: line %d: bad entry number\n",
|
|
--- misc/hunspell-1.3.2/src/tools/munch.c 2010-02-27 21:49:49.000000000 +0100
|
|
+++ misc/build/hunspell-1.3.2/src/tools/munch.c 2011-05-18 15:53:53.427072106 +0200
|
|
@@ -4,6 +4,7 @@
|
|
#include <string.h>
|
|
#include <unistd.h>
|
|
#include <stdlib.h>
|
|
+#include <stdint.h>
|
|
#include <stdio.h>
|
|
#include <sys/types.h>
|
|
#include <sys/stat.h>
|
|
@@ -233,10 +233,19 @@
|
|
case 1: { achar = *piece; break; }
|
|
case 2: { if (*piece == 'Y') ff = XPRODUCT; break; }
|
|
case 3: { numents = atoi(piece);
|
|
- ptr = malloc(numents * sizeof(struct affent));
|
|
- ptr->achar = achar;
|
|
- ptr->xpflg = ff;
|
|
- fprintf(stderr,"parsing %c entries %d\n",achar,numents);
|
|
+ if ((numents < 0) ||
|
|
+ ((SIZE_MAX/sizeof(struct affent)) < numents))
|
|
+ {
|
|
+ fprintf(stderr,
|
|
+ "Error: too many entries: %d\n", numents);
|
|
+ numents = 0;
|
|
+ } else {
|
|
+ ptr = malloc(numents * sizeof(struct affent));
|
|
+ ptr->achar = achar;
|
|
+ ptr->xpflg = ff;
|
|
+ fprintf(stderr,"parsing %c entries %d\n",
|
|
+ achar,numents);
|
|
+ }
|
|
break;
|
|
}
|
|
default: break;
|
|
--- misc/hunspell-1.3.2/src/tools/unmunch.c 2010-02-23 15:53:29.000000000 +0100
|
|
+++ misc/build/hunspell-1.3.2/src/tools/unmunch.c 2011-05-18 20:53:43.843599726 +0200
|
|
@@ -6,6 +6,7 @@
|
|
#include <string.h>
|
|
#include <unistd.h>
|
|
#include <stdlib.h>
|
|
+#include <stdint.h>
|
|
#include <stdio.h>
|
|
#include <sys/types.h>
|
|
#include <sys/stat.h>
|
|
@@ -158,10 +159,19 @@
|
|
case 1: { achar = *piece; break; }
|
|
case 2: { if (*piece == 'Y') ff = XPRODUCT; break; }
|
|
case 3: { numents = atoi(piece);
|
|
- ptr = malloc(numents * sizeof(struct affent));
|
|
- ptr->achar = achar;
|
|
- ptr->xpflg = ff;
|
|
- fprintf(stderr,"parsing %c entries %d\n",achar,numents);
|
|
+ if ((numents < 0) ||
|
|
+ ((SIZE_MAX/sizeof(struct affent)) < numents))
|
|
+ {
|
|
+ fprintf(stderr,
|
|
+ "Error: too many entries: %d\n", numents);
|
|
+ numents = 0;
|
|
+ } else {
|
|
+ ptr = malloc(numents * sizeof(struct affent));
|
|
+ ptr->achar = achar;
|
|
+ ptr->xpflg = ff;
|
|
+ fprintf(stderr,"parsing %c entries %d\n",
|
|
+ achar,numents);
|
|
+ }
|
|
break;
|
|
}
|
|
default: break;
|