View | Details | Raw Unified | Return to bug 13506 | Differences between
and this patch

Collapse All | Expand All

(-)a/time/tzfile.c (-4 / +26 lines)
Lines 107-113 __tzfile_read (const char *file, size_t Link Here
107
  size_t num_isstd, num_isgmt;
107
  size_t num_isstd, num_isgmt;
108
  register FILE *f;
108
  register FILE *f;
109
  struct tzhead tzhead;
109
  struct tzhead tzhead;
110
  size_t chars;
110
  size_t chars, tmp;
111
  register size_t i;
111
  register size_t i;
112
  size_t total_size;
112
  size_t total_size;
113
  size_t types_idx;
113
  size_t types_idx;
Lines 238-248 __tzfile_read (const char *file, size_t Link Here
238
  total_size = ((total_size + __alignof__ (struct ttinfo) - 1)
238
  total_size = ((total_size + __alignof__ (struct ttinfo) - 1)
239
		& ~(__alignof__ (struct ttinfo) - 1));
239
		& ~(__alignof__ (struct ttinfo) - 1));
240
  types_idx = total_size;
240
  types_idx = total_size;
241
  total_size += num_types * sizeof (struct ttinfo) + chars;
241
242
  tmp = num_types * sizeof (struct ttinfo);
243
  if (total_size + tmp < tmp)
244
    goto lose;
245
  total_size += tmp;
246
247
  if (total_size + chars < chars)
248
    goto lose;
249
  total_size += chars;
250
242
  total_size = ((total_size + __alignof__ (struct leap) - 1)
251
  total_size = ((total_size + __alignof__ (struct leap) - 1)
243
		& ~(__alignof__ (struct leap) - 1));
252
		& ~(__alignof__ (struct leap) - 1));
244
  leaps_idx = total_size;
253
  leaps_idx = total_size;
245
  total_size += num_leaps * sizeof (struct leap);
254
255
  tmp = num_leaps * sizeof (struct leap);
256
  if (total_size + tmp < tmp)
257
    goto lose;
258
  total_size += tmp;
259
246
  tzspec_len = (sizeof (time_t) == 8 && trans_width == 8
260
  tzspec_len = (sizeof (time_t) == 8 && trans_width == 8
247
		? st.st_size - (ftello (f)
261
		? st.st_size - (ftello (f)
248
				+ num_transitions * (8 + 1)
262
				+ num_transitions * (8 + 1)
Lines 254-260 __tzfile_read (const char *file, size_t Link Here
254
268
255
  /* Allocate enough memory including the extra block requested by the
269
  /* Allocate enough memory including the extra block requested by the
256
     caller.  */
270
     caller.  */
257
  transitions = (time_t *) malloc (total_size + tzspec_len + extra);
271
  if (total_size + tzspec_len < total_size)
272
    goto lose;
273
  total_size += tzspec_len;
274
275
  if (total_size + extra < extra)
276
    goto lose;
277
  total_size += extra;
278
279
  transitions = (time_t *) malloc (total_size);
258
  if (transitions == NULL)
280
  if (transitions == NULL)
259
    goto lose;
281
    goto lose;
260
282

Return to bug 13506