1*d48bb178SPedro Giffuni--- misc/hunspell-1.3.3/src/hunspell/affixmgr.cxx 2010-02-27 12:59:53.000000000 +0100 2*d48bb178SPedro Giffuni+++ misc/build/hunspell-1.3.3/src/hunspell/affixmgr.cxx 2011-05-18 16:29:45.919141893 +0200 3*d48bb178SPedro Giffuni@@ -8,6 +8,8 @@ 4*d48bb178SPedro Giffuni 5*d48bb178SPedro Giffuni #include <vector> 65f295263SArmin Le Grand 75f295263SArmin Le Grand+#include <limits> 85f295263SArmin Le Grand+ 95f295263SArmin Le Grand #include "affixmgr.hxx" 105f295263SArmin Le Grand #include "affentry.hxx" 115f295263SArmin Le Grand #include "langnum.hxx" 12*d48bb178SPedro Giffuni@@ -4238,7 +4240,10 @@ 135f295263SArmin Le Grand case 3: { 145f295263SArmin Le Grand np++; 155f295263SArmin Le Grand numents = atoi(piece); 165f295263SArmin Le Grand- if (numents == 0) { 175f295263SArmin Le Grand+ if ((numents <= 0) || 185f295263SArmin Le Grand+ ((::std::numeric_limits<size_t>::max() 195f295263SArmin Le Grand+ / sizeof(struct affentry)) < numents)) 205f295263SArmin Le Grand+ { 215f295263SArmin Le Grand char * err = pHMgr->encode_flag(aflag); 225f295263SArmin Le Grand if (err) { 235f295263SArmin Le Grand HUNSPELL_WARNING(stderr, "error: line %d: bad entry number\n", 24*d48bb178SPedro Giffuni--- misc/hunspell-1.3.3/src/tools/munch.c 2010-02-27 21:49:49.000000000 +0100 25*d48bb178SPedro Giffuni+++ misc/build/hunspell-1.3.3/src/tools/munch.c 2011-05-18 15:53:53.427072106 +0200 265f295263SArmin Le Grand@@ -4,6 +4,7 @@ 275f295263SArmin Le Grand #include <string.h> 285f295263SArmin Le Grand #include <unistd.h> 295f295263SArmin Le Grand #include <stdlib.h> 305f295263SArmin Le Grand+#include <stdint.h> 315f295263SArmin Le Grand #include <stdio.h> 325f295263SArmin Le Grand #include <sys/types.h> 335f295263SArmin Le Grand #include <sys/stat.h> 34*d48bb178SPedro Giffuni@@ -235,10 +235,19 @@ 355f295263SArmin Le Grand case 1: { achar = *piece; break; } 365f295263SArmin Le Grand case 2: { if (*piece == 'Y') ff = XPRODUCT; break; } 375f295263SArmin Le Grand case 3: { numents = atoi(piece); 385f295263SArmin Le Grand- ptr = malloc(numents * sizeof(struct affent)); 395f295263SArmin Le Grand- ptr->achar = achar; 405f295263SArmin Le Grand- ptr->xpflg = ff; 415f295263SArmin Le Grand- fprintf(stderr,"parsing %c entries %d\n",achar,numents); 425f295263SArmin Le Grand+ if ((numents < 0) || 435f295263SArmin Le Grand+ ((SIZE_MAX/sizeof(struct affent)) < numents)) 445f295263SArmin Le Grand+ { 455f295263SArmin Le Grand+ fprintf(stderr, 465f295263SArmin Le Grand+ "Error: too many entries: %d\n", numents); 475f295263SArmin Le Grand+ numents = 0; 485f295263SArmin Le Grand+ } else { 495f295263SArmin Le Grand+ ptr = malloc(numents * sizeof(struct affent)); 505f295263SArmin Le Grand+ ptr->achar = achar; 515f295263SArmin Le Grand+ ptr->xpflg = ff; 525f295263SArmin Le Grand+ fprintf(stderr,"parsing %c entries %d\n", 535f295263SArmin Le Grand+ achar,numents); 545f295263SArmin Le Grand+ } 555f295263SArmin Le Grand break; 565f295263SArmin Le Grand } 575f295263SArmin Le Grand default: break; 58*d48bb178SPedro Giffuni--- misc/hunspell-1.3.3/src/tools/unmunch.c 2010-02-23 15:53:29.000000000 +0100 59*d48bb178SPedro Giffuni+++ misc/build/hunspell-1.3.3/src/tools/unmunch.c 2011-05-18 20:53:43.843599726 +0200 605f295263SArmin Le Grand@@ -6,6 +6,7 @@ 615f295263SArmin Le Grand #include <string.h> 625f295263SArmin Le Grand #include <unistd.h> 635f295263SArmin Le Grand #include <stdlib.h> 645f295263SArmin Le Grand+#include <stdint.h> 655f295263SArmin Le Grand #include <stdio.h> 665f295263SArmin Le Grand #include <sys/types.h> 675f295263SArmin Le Grand #include <sys/stat.h> 68*d48bb178SPedro Giffuni@@ -160,10 +161,19 @@ 695f295263SArmin Le Grand case 1: { achar = *piece; break; } 705f295263SArmin Le Grand case 2: { if (*piece == 'Y') ff = XPRODUCT; break; } 715f295263SArmin Le Grand case 3: { numents = atoi(piece); 725f295263SArmin Le Grand- ptr = malloc(numents * sizeof(struct affent)); 735f295263SArmin Le Grand- ptr->achar = achar; 745f295263SArmin Le Grand- ptr->xpflg = ff; 755f295263SArmin Le Grand- fprintf(stderr,"parsing %c entries %d\n",achar,numents); 765f295263SArmin Le Grand+ if ((numents < 0) || 775f295263SArmin Le Grand+ ((SIZE_MAX/sizeof(struct affent)) < numents)) 785f295263SArmin Le Grand+ { 795f295263SArmin Le Grand+ fprintf(stderr, 805f295263SArmin Le Grand+ "Error: too many entries: %d\n", numents); 815f295263SArmin Le Grand+ numents = 0; 825f295263SArmin Le Grand+ } else { 835f295263SArmin Le Grand+ ptr = malloc(numents * sizeof(struct affent)); 845f295263SArmin Le Grand+ ptr->achar = achar; 855f295263SArmin Le Grand+ ptr->xpflg = ff; 865f295263SArmin Le Grand+ fprintf(stderr,"parsing %c entries %d\n", 875f295263SArmin Le Grand+ achar,numents); 885f295263SArmin Le Grand+ } 895f295263SArmin Le Grand break; 905f295263SArmin Le Grand } 915f295263SArmin Le Grand default: break; 92