svn commit: r250937 - stable/9/gnu/usr.bin/grep

Pedro F. Giffuni pfg at FreeBSD.org
Thu May 23 16:39:43 UTC 2013


Author: pfg
Date: Thu May 23 16:39:42 2013
New Revision: 250937
URL: http://svnweb.freebsd.org/changeset/base/250937

Log:
  MFC	r250823:
  
  grep: change some int types.
  
  Change several int variables to size_t, ssize_t, or ptrdiff_t.
  This should fix the bug described in CVE-2012-5667 when an input
  line is so long that its length cannot be stored in an int
  variable.
  
  Obtained from:	NetBSD

Modified:
  stable/9/gnu/usr.bin/grep/dfa.c
  stable/9/gnu/usr.bin/grep/grep.c
  stable/9/gnu/usr.bin/grep/search.c
Directory Properties:
  stable/9/   (props changed)

Modified: stable/9/gnu/usr.bin/grep/dfa.c
==============================================================================
--- stable/9/gnu/usr.bin/grep/dfa.c	Thu May 23 16:37:43 2013	(r250936)
+++ stable/9/gnu/usr.bin/grep/dfa.c	Thu May 23 16:39:42 2013	(r250937)
@@ -334,9 +334,10 @@ static int hard_LC_COLLATE;	/* Nonzero i
 #ifdef MBS_SUPPORT
 /* These variables are used only if (MB_CUR_MAX > 1).  */
 static mbstate_t mbs;		/* Mbstate for mbrlen().  */
-static int cur_mb_len;		/* Byte length of the current scanning
-				   multibyte character.  */
-static int cur_mb_index;        /* Byte index of the current scanning multibyte
+static ssize_t cur_mb_len;	/* Byte length of the current scanning
+				   multibyte character.  Must also handle
+				   negative result from mbrlen().  */
+static ssize_t cur_mb_index;	/* Byte index of the current scanning multibyte
                                    character.
 
 				   singlebyte character : cur_mb_index = 0
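Review bot: The new comment on cur_mb_len speaks of a "negative result from mbrlen()", but mbrlen() returns size_t and reports errors as (size_t)-1 and (size_t)-2; the values become negative only through the conversion into ssize_t. I would word it as `Also holds the (size_t)-1 / (size_t)-2 error returns of mbrlen(), stored here as -1 / -2.` so readers know which checks to write. The code that assigns and tests cur_mb_len and cur_mb_index is outside this hunk. Any comparison of either variable against a size_t value would convert a stored -1 back into a very large unsigned number, so those sites are worth confirming.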
@@ -369,7 +370,7 @@ static unsigned char const *buf_end;	/* 
 /* This function update cur_mb_len, and cur_mb_index.
    p points current lexptr, len is the remaining buffer length.  */
 static void
-update_mb_len_index (unsigned char const *p, int len)
+update_mb_len_index (unsigned char const *p, size_t len)
 {
   /* If last character is a part of a multibyte character,
      we update cur_mb_index.  */
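Review bot: The comment above update_mb_len_index still describes len only as "the remaining buffer length", and with the parameter now size_t it should state that the value is an unsigned byte count. A caller that derives len from a pointer difference and ends up with a negative value would now pass a very large length instead; the callers are not visible in this hunk, so this needs checking at each call site. Suggested wording: `len is the number of bytes remaining in the buffer; callers must ensure p <= buf_end.` The function body continues past the end of the hunk.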
@@ -2463,7 +2464,7 @@ match_mb_charset (struct dfa *d, int s, 
   int match;		/* Flag which represent that matching succeed.  */
   int match_len;	/* Length of the character (or collating element)
 			   with which this operator match.  */
-  int op_len;		/* Length of the operator.  */
+  size_t op_len;	/* Length of the operator.  */
   char buffer[128];
   wchar_t wcbuf[6];
 
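Review bot: Widening op_len to size_t leaves the neighbouring `char buffer[128]` and `int match_len` unchanged, so the type change alone does not bound anything. If op_len is used later in match_mb_charset as a copy length or index into buffer (the body is outside this hunk), that use needs a guard such as `if (op_len >= sizeof buffer)` before it. Assigning op_len to match_len would also narrow size_t to int, which is the kind of truncation this commit sets out to remove.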

Modified: stable/9/gnu/usr.bin/grep/grep.c
==============================================================================
--- stable/9/gnu/usr.bin/grep/grep.c	Thu May 23 16:37:43 2013	(r250936)
+++ stable/9/gnu/usr.bin/grep/grep.c	Thu May 23 16:39:42 2013	(r250937)
@@ -1346,9 +1346,9 @@ int
 main (int argc, char **argv)
 {
   char *keys;
-  size_t keycc, oldcc, keyalloc;
+  size_t cc, keycc, oldcc, keyalloc;
   int with_filenames;
-  int opt, cc, status;
+  int opt, status;
   int default_context;
   FILE *fp;
   extern char *optarg;
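Review bot: cc moves from the int declaration to the size_t one, which makes it unsigned. Any test in main that relies on cc being negative, such as `cc < 0`, becomes always false, and `cc > 0` now only means `cc != 0`. The uses of cc are outside this hunk, so each one should be checked. Any buffer size computed from cc, for example a sum passed to an allocator, should also be checked for wraparound.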

Modified: stable/9/gnu/usr.bin/grep/search.c
==============================================================================
--- stable/9/gnu/usr.bin/grep/search.c	Thu May 23 16:37:43 2013	(r250936)
+++ stable/9/gnu/usr.bin/grep/search.c	Thu May 23 16:39:42 2013	(r250937)
@@ -112,7 +112,7 @@ static void
 kwsinit (void)
 {
   static char trans[NCHAR];
-  int i;
+  size_t i;
 
   if (match_icase)
     for (i = 0; i < NCHAR; ++i)
@@ -326,7 +326,8 @@ EGexecute (char const *buf, size_t size,
 {
   register char const *buflim, *beg, *end;
   char eol = eolbyte;
-  int backref, start, len;
+  int backref;
+  ptrdiff_t start, len;
   struct kwsmatch kwsm;
   size_t i, ret_val;
   static int use_dfa;
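Review bot: start and len are now ptrdiff_t, but the values they hold come from calls further down EGexecute that this hunk does not show. If those matcher interfaces take or return int, a line longer than INT_MAX is still truncated at the call boundary and the wider locals only hide it. The log message says the change "should" fix CVE-2012-5667, so a regression test with an input line longer than INT_MAX bytes would confirm it on this branch. A short comment would help the next reader, e.g. `/* ptrdiff_t: match offsets must cover lines longer than INT_MAX */`.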

