#include <wchar.h>
#include <wctype.h>
#include <limits.h>
+#include <stdint.h>
#include <regex.h>
#define GET_NEXT_WCHAR() do { \
prev_c = next_c; pos += pos_add_next; \
if ((pos_add_next = mbtowc(&next_c, str_byte, MB_LEN_MAX)) <= 0) { \
- if (pos_add_next < 0) return REG_NOMATCH; \
+ if (pos_add_next < 0) { ret = REG_NOMATCH; goto error_exit; } \
else pos_add_next++; \
} \
str_byte += pos_add_next; \
int reg_notbol = eflags & REG_NOTBOL;
int reg_noteol = eflags & REG_NOTEOL;
int reg_newline = tnfa->cflags & REG_NEWLINE;
+ reg_errcode_t ret;
char *buf;
tre_tnfa_transition_t *trans_i;
/* Allocate memory for temporary data required for matching. This needs to
be done for every matching operation to be thread safe. This allocates
- everything in a single large block from the stack frame using alloca()
- or with malloc() if alloca is unavailable. */
+ everything in a single large block with calloc(). */
{
- int tbytes, rbytes, pbytes, xbytes, total_bytes;
+ size_t tbytes, rbytes, pbytes, xbytes, total_bytes;
char *tmp_buf;
+
+ /* Ensure that tbytes and xbytes*num_states cannot overflow, and that
+ * they don't contribute more than 1/8 of SIZE_MAX to total_bytes. */
+ if (num_tags > SIZE_MAX/(8 * sizeof(int) * tnfa->num_states))
+ goto error_exit;
+
+ /* Likewise check rbytes. */
+ if (tnfa->num_states+1 > SIZE_MAX/(8 * sizeof(*reach_next)))
+ goto error_exit;
+
+ /* Likewise check pbytes. */
+ if (tnfa->num_states > SIZE_MAX/(8 * sizeof(*reach_pos)))
+ goto error_exit;
+
/* Compute the length of the block we need. */
tbytes = sizeof(*tmp_tags) * num_tags;
rbytes = sizeof(*reach_next) * (tnfa->num_states + 1);
+ (rbytes + xbytes * tnfa->num_states) * 2 + tbytes + pbytes;
/* Allocate the memory. */
- buf = xmalloc((unsigned)total_bytes);
+ buf = calloc(total_bytes, 1);
if (buf == NULL)
return REG_ESPACE;
- memset(buf, 0, (size_t)total_bytes);
/* Get the various pointers within tmp_buf (properly aligned). */
tmp_tags = (void *)buf;
reach_next_i->state = NULL;
}
- if (buf)
- xfree(buf);
-
*match_end_ofs = match_eo;
- return match_eo >= 0 ? REG_OK : REG_NOMATCH;
+ ret = match_eo >= 0 ? REG_OK : REG_NOMATCH;
+error_exit:
+ xfree(buf);
+ return ret;
}
*/
int
-regexec(const regex_t *preg, const char *string,
- size_t nmatch, regmatch_t pmatch[], int eflags)
+regexec(const regex_t *restrict preg, const char *restrict string,
+ size_t nmatch, regmatch_t pmatch[restrict], int eflags)
{
tre_tnfa_t *tnfa = (void *)preg->TRE_REGEX_T_FIELD;
reg_errcode_t status;
int *tags = NULL, eo;
+ if (tnfa->cflags & REG_NOSUB) nmatch = 0;
if (tnfa->num_tags > 0 && nmatch > 0)
{
tags = xmalloc(sizeof(*tags) * tnfa->num_tags);