The regex code currently misbehaves badly if there's an arithmetic
overflow when calculating sizes, e.g., when doubling buffer sizes.
I'll attach a patch for all the instances of this that I found. These
patches are conservative, in the sense that when I couldn't determine
whether an overflow was possible, I inserted a run-time check.
Created attachment 645 [details]
add some size-overflow checks to regex code
Just to preempt Ulrich, with whom I agree in this case, the patch as is does not
Please redo the patch without the Idx type, as it could be a good thing to have.
Paul, could you recreate the patch so that it applies cleanly against the current git head?
Paul, could you redo the patch for current glibc, please?