View | Details | Raw Unified | Return to bug 13506 | Differences between
and this patch

Collapse All | Expand All

(-)a/time/tzfile.c (+16 lines)
Lines 234-247 __tzfile_read (const char *file, size_t extra, char **extrap) Link Here
234
      goto read_again;
234
      goto read_again;
235
    }
235
    }
236
236
237
  if (num_transitions
238
      > ((SIZE_MAX - (__alignof__ (struct ttinfo) - 1)) / (sizeof (time_t) + 1)))
239
    goto lose;
237
  total_size = num_transitions * (sizeof (time_t) + 1);
240
  total_size = num_transitions * (sizeof (time_t) + 1);
238
  total_size = ((total_size + __alignof__ (struct ttinfo) - 1)
241
  total_size = ((total_size + __alignof__ (struct ttinfo) - 1)
239
		& ~(__alignof__ (struct ttinfo) - 1));
242
		& ~(__alignof__ (struct ttinfo) - 1));
240
  types_idx = total_size;
243
  types_idx = total_size;
244
  if (num_types > SIZE_MAX / sizeof (struct ttinfo)
245
      || total_size + num_types * sizeof (struct ttinfo) < total_size
246
      || total_size + num_types * sizeof (struct ttinfo) + chars < chars
247
      || ((total_size + num_types * sizeof (struct ttinfo) + chars
248
	   + __alignof__ (struct leap) - 1)
249
	  < __alignof__ (struct leap) - 1))
250
    goto lose;
241
  total_size += num_types * sizeof (struct ttinfo) + chars;
251
  total_size += num_types * sizeof (struct ttinfo) + chars;
242
  total_size = ((total_size + __alignof__ (struct leap) - 1)
252
  total_size = ((total_size + __alignof__ (struct leap) - 1)
243
		& ~(__alignof__ (struct leap) - 1));
253
		& ~(__alignof__ (struct leap) - 1));
244
  leaps_idx = total_size;
254
  leaps_idx = total_size;
255
  if (num_leaps > SIZE_MAX / sizeof (struct leap)
256
      || total_size + num_leaps * sizeof (struct leap) < total_size)
257
    goto lose;
245
  total_size += num_leaps * sizeof (struct leap);
258
  total_size += num_leaps * sizeof (struct leap);
246
  tzspec_len = (sizeof (time_t) == 8 && trans_width == 8
259
  tzspec_len = (sizeof (time_t) == 8 && trans_width == 8
247
		? st.st_size - (ftello (f)
260
		? st.st_size - (ftello (f)
Lines 251-256 __tzfile_read (const char *file, size_t extra, char **extrap) Link Here
251
				+ num_leaps * 12
264
				+ num_leaps * 12
252
				+ num_isstd
265
				+ num_isstd
253
				+ num_isgmt) - 1 : 0);
266
				+ num_isgmt) - 1 : 0);
267
  if (total_size + tzspec_len < tzspec_len
268
      || total_size + tzspec_len + extra < extra)
269
    goto lose;
254
270
255
  /* Allocate enough memory including the extra block requested by the
271
  /* Allocate enough memory including the extra block requested by the
256
     caller.  */
272
     caller.  */

Return to bug 13506