From mboxrd@z Thu Jan  1 00:00:00 1970
Received: (qmail 12149 invoked by alias); 2 Sep 2005 22:52:03 -0000
Mailing-List: contact glibc-bugs-help@sources.redhat.com; run by ezmlm
Precedence: bulk
Sender: glibc-bugs-owner@sources.redhat.com
Received: (qmail 11950 invoked by uid 48); 2 Sep 2005 22:51:45 -0000
Date: Fri, 02 Sep 2005 22:52:00 -0000
From: "eggert at gnu dot org"
To: glibc-bugs@sources.redhat.com
Message-ID: <20050902225143.1291.eggert@gnu.org>
Reply-To: sourceware-bugzilla@sources.redhat.com
Subject: [Bug regex/1291] New: size-overflow bugs in the regex code
X-Bugzilla-Reason: CC
X-SW-Source: 2005-09/txt/msg00024.txt.bz2

The regex code currently misbehaves badly if there's an arithmetic
overflow when calculating sizes, e.g., when doubling buffer sizes.
I'll attach a patch for all the instances of this that I found.
These patches are conservative, in the sense that when I couldn't
determine whether an overflow was possible, I inserted a run-time
check.

-- 
           Summary: size-overflow bugs in the regex code
           Product: glibc
           Version: 2.3.5
            Status: NEW
          Severity: normal
          Priority: P2
         Component: regex
        AssignedTo: gotom at debian dot or dot jp
        ReportedBy: eggert at gnu dot org
                CC: glibc-bugs-regex at sources dot redhat dot com,
                    glibc-bugs at sources dot redhat dot com
 BugsThisDependsOn: 1285

http://sources.redhat.com/bugzilla/show_bug.cgi?id=1291

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
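
The following is an added illustration of the kind of run-time check the report describes for buffer doubling; it is not the patch attached to this bug and not glibc code. The helper name grow_double and its signature are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical helper (not from glibc): double an array that currently
   holds *nalloc elements of elem_size bytes each.  On success returns the
   new pointer and updates *nalloc.  On failure returns NULL with errno
   set, and leaves the old buffer and *nalloc untouched.  */
void *
grow_double (void *buf, size_t *nalloc, size_t elem_size)
{
  size_t old_n = *nalloc;
  size_t new_n;
  void *p;

  if (elem_size == 0)
    {
      errno = EINVAL;
      return NULL;
    }

  /* Check 1: the element count must not wrap when doubled.  */
  if (old_n > SIZE_MAX / 2)
    {
      errno = ENOMEM;
      return NULL;
    }
  new_n = old_n ? 2 * old_n : 1;

  /* Check 2: the byte count new_n * elem_size must fit in size_t.
     Without this check the product wraps, realloc succeeds with a
     buffer far smaller than the caller believes it has, and later
     writes run past the end of the allocation.  */
  if (new_n > SIZE_MAX / elem_size)
    {
      errno = ENOMEM;
      return NULL;
    }

  p = realloc (buf, new_n * elem_size);
  if (p == NULL)
    return NULL;		/* old buffer is still valid */
  *nalloc = new_n;
  return p;
}
```

Both checks divide instead of multiplying, so the test itself cannot overflow; the caller keeps its old pointer and count on any failure path.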