author | Paul Eggert <eggert@cs.ucla.edu> | 2017-04-27 15:21:34 -0700 |
---|---|---|
committer | Paul Eggert <eggert@cs.ucla.edu> | 2017-04-27 15:24:07 -0700 |
commit | abd769131dae3f9693faff9a080267e86936ce99 (patch) | |
tree | 316cc01ca8f7e8917bf28ff50c5719f8dff02c2c /lib/time_rz.c | |
parent | 2a23577795f8b644a215fae68e990c07f0146d33 (diff) | |
Merge from gnulib
This incorporates:
2017-04-24 time_rz: fix heap buffer overflow vulnerability
2017-04-23 stat-time: Update comments.
2017-04-22 ftoastr: cite a newer paper
2017-04-21 gettext-h: Avoid -Wundef warning.
* lib/ftoastr.c, lib/gettext.h, lib/stat-time.h, lib/time_rz.c:
* m4/getopt.m4: Copy from gnulib.
* m4/gnulib-comp.m4: Regenerate.
Diffstat (limited to 'lib/time_rz.c')
-rw-r--r-- | lib/time_rz.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/lib/time_rz.c b/lib/time_rz.c index adb9c1c2361..c41a8ef47ac 100644 --- a/lib/time_rz.c +++ b/lib/time_rz.c @@ -27,6 +27,7 @@ #include <time.h> #include <errno.h> +#include <limits.h> #include <stdbool.h> #include <stddef.h> #include <stdlib.h> @@ -35,6 +36,10 @@ #include "flexmember.h" #include "time-internal.h" +#ifndef SIZE_MAX +# define SIZE_MAX ((size_t) -1) +#endif + #if !HAVE_TZSET static void tzset (void) { } #endif @@ -43,7 +48,7 @@ static void tzset (void) { } the largest "small" request for the GNU C library malloc. */ enum { DEFAULT_MXFAST = 64 * sizeof (size_t) / 4 }; -/* Minimum size of the ABBRS member of struct abbr. ABBRS is larger +/* Minimum size of the ABBRS member of struct tm_zone. ABBRS is larger only in the unlikely case where an abbreviation longer than this is used. */ enum { ABBR_SIZE_MIN = DEFAULT_MXFAST - offsetof (struct tm_zone, abbrs) }; @@ -150,7 +155,13 @@ save_abbr (timezone_t tz, struct tm *tm) if (! (*zone_copy || (zone_copy == tz->abbrs && tz->tz_is_set))) { size_t zone_size = strlen (zone) + 1; - if (zone_size < tz->abbrs + ABBR_SIZE_MIN - zone_copy) + size_t zone_used = zone_copy - tz->abbrs; + if (SIZE_MAX - zone_used < zone_size) + { + errno = ENOMEM; + return false; + } + if (zone_used + zone_size < ABBR_SIZE_MIN) extend_abbrs (zone_copy, zone, zone_size); else { |
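Review bot: The `SIZE_MAX` fallback added after the includes has no comment explaining why it is needed, although the overflow guard added to save_abbr depends on it. ISO C declares SIZE_MAX in `<stdint.h>`, so with only `<limits.h>` added the `#ifndef` branch may be what some hosts end up using. The value `((size_t) -1)` is correct, but it works only in ordinary expressions and not in `#if` tests. I would add `/* Fallback for hosts whose headers lack SIZE_MAX; usable in expressions only, not in #if. */` above the `#ifndef`.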
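Review bot: The two new checks in save_abbr are the fix for the heap overflow named in the commit message, yet nothing in the code records the invariant they enforce. The old test subtracted `zone_copy` from `tz->abbrs + ABBR_SIZE_MIN`, which appears to wrap to a huge unsigned value once `zone_copy` lies past that point (the ABBR_SIZE_MIN comment in this same diff says ABBRS can be larger); the new form compares used plus needed bytes against the minimum instead. A comment above the second `if`, such as `/* zone_used may exceed ABBR_SIZE_MIN when abbrs was allocated for a long abbreviation; compare sums so the test cannot wrap. */`, would keep a later cleanup from reintroducing the subtraction. The strict `<` presumably reserves the extra byte that extend_abbrs writes after the copy; that code is outside this hunk, so it is worth confirming and stating as well, and save_abbr's body starts and ends outside the hunk.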