1*d48bb178SPedro Giffuni--- misc/hunspell-1.3.3/src/hunspell/affixmgr.cxx 2010-02-27 12:59:53.000000000 +0100
2*d48bb178SPedro Giffuni+++ misc/build/hunspell-1.3.3/src/hunspell/affixmgr.cxx 2011-05-18 16:29:45.919141893 +0200
3*d48bb178SPedro Giffuni@@ -8,6 +8,8 @@
4*d48bb178SPedro Giffuni
5*d48bb178SPedro Giffuni #include <vector>
6*d48bb178SPedro Giffuni
7*d48bb178SPedro Giffuni+#include <limits>
8*d48bb178SPedro Giffuni+
9*d48bb178SPedro Giffuni #include "affixmgr.hxx"
10*d48bb178SPedro Giffuni #include "affentry.hxx"
11*d48bb178SPedro Giffuni #include "langnum.hxx"
12*d48bb178SPedro Giffuni@@ -4238,7 +4240,10 @@
13*d48bb178SPedro Giffuni case 3: {
14*d48bb178SPedro Giffuni np++;
15*d48bb178SPedro Giffuni numents = atoi(piece);
16*d48bb178SPedro Giffuni- if (numents == 0) {
17*d48bb178SPedro Giffuni+ if ((numents <= 0) ||
18*d48bb178SPedro Giffuni+ ((::std::numeric_limits<size_t>::max()
19*d48bb178SPedro Giffuni+ / sizeof(struct affentry)) < numents))
20*d48bb178SPedro Giffuni+ {
21*d48bb178SPedro Giffuni char * err = pHMgr->encode_flag(aflag);
22*d48bb178SPedro Giffuni if (err) {
23*d48bb178SPedro Giffuni HUNSPELL_WARNING(stderr, "error: line %d: bad entry number\n",
24*d48bb178SPedro Giffuni--- misc/hunspell-1.3.3/src/tools/munch.c 2010-02-27 21:49:49.000000000 +0100
25*d48bb178SPedro Giffuni+++ misc/build/hunspell-1.3.3/src/tools/munch.c 2011-05-18 15:53:53.427072106 +0200
26*d48bb178SPedro Giffuni@@ -4,6 +4,7 @@
27*d48bb178SPedro Giffuni #include <string.h>
28*d48bb178SPedro Giffuni #include <unistd.h>
29*d48bb178SPedro Giffuni #include <stdlib.h>
30*d48bb178SPedro Giffuni+#include <stdint.h>
31*d48bb178SPedro Giffuni #include <stdio.h>
32*d48bb178SPedro Giffuni #include <sys/types.h>
33*d48bb178SPedro Giffuni #include <sys/stat.h>
34*d48bb178SPedro Giffuni@@ -235,10 +235,19 @@
35*d48bb178SPedro Giffuni case 1: { achar = *piece; break; }
36*d48bb178SPedro Giffuni case 2: { if (*piece == 'Y') ff = XPRODUCT; break; }
37*d48bb178SPedro Giffuni case 3: { numents
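Review bot: In the affixmgr.cxx hunk `@@ -4238,7 +4240,10 @@` the overflow arm of the new guard is probably dead on 64-bit builds: if `numents` is an `int` (its declaration is outside the hunk), `numeric_limits<size_t>::max() / sizeof(struct affentry)` is larger than any value it can hold, so only `numents <= 0` ever rejects anything and an arbitrarily large count from the .aff file still reaches the allocation. The value also comes from `atoi(piece)`, which reports no parse error and has undefined behaviour on out-of-range input, so the guard may be checking an already meaningless number. Parsing with `char *end; errno = 0; long n = strtol(piece, &end, 10);` and rejecting `end == piece || errno == ERANGE || n <= 0 || n > INT_MAX` before assigning would close that gap, ideally together with a sanity cap on the entry count. It is also worth a comment that the signed/unsigned comparison is safe only because `numents <= 0` short-circuits first, e.g. `// numents > 0 here, so converting it to size_t for the comparison preserves its value`. The `case 3` body continues past the end of the hunk.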
= atoi(piece);
38*d48bb178SPedro Giffuni- ptr = malloc(numents * sizeof(struct affent));
39*d48bb178SPedro Giffuni- ptr->achar = achar;
40*d48bb178SPedro Giffuni- ptr->xpflg = ff;
41*d48bb178SPedro Giffuni- fprintf(stderr,"parsing %c entries %d\n",achar,numents);
42*d48bb178SPedro Giffuni+ if ((numents < 0) ||
43*d48bb178SPedro Giffuni+ ((SIZE_MAX/sizeof(struct affent)) < numents))
44*d48bb178SPedro Giffuni+ {
45*d48bb178SPedro Giffuni+ fprintf(stderr,
46*d48bb178SPedro Giffuni+ "Error: too many entries: %d\n", numents);
47*d48bb178SPedro Giffuni+ numents = 0;
48*d48bb178SPedro Giffuni+ } else {
49*d48bb178SPedro Giffuni+ ptr = malloc(numents * sizeof(struct affent));
50*d48bb178SPedro Giffuni+ ptr->achar = achar;
51*d48bb178SPedro Giffuni+ ptr->xpflg = ff;
52*d48bb178SPedro Giffuni+ fprintf(stderr,"parsing %c entries %d\n",
53*d48bb178SPedro Giffuni+ achar,numents);
54*d48bb178SPedro Giffuni+ }
55*d48bb178SPedro Giffuni break;
56*d48bb178SPedro Giffuni }
57*d48bb178SPedro Giffuni default: break;
58*d48bb178SPedro Giffuni--- misc/hunspell-1.3.3/src/tools/unmunch.c 2010-02-23 15:53:29.000000000 +0100
59*d48bb178SPedro Giffuni+++ misc/build/hunspell-1.3.3/src/tools/unmunch.c 2011-05-18 20:53:43.843599726 +0200
60*d48bb178SPedro Giffuni@@ -6,6 +6,7 @@
61*d48bb178SPedro Giffuni #include <string.h>
62*d48bb178SPedro Giffuni #include <unistd.h>
63*d48bb178SPedro Giffuni #include <stdlib.h>
64*d48bb178SPedro Giffuni+#include <stdint.h>
65*d48bb178SPedro Giffuni #include <stdio.h>
66*d48bb178SPedro Giffuni #include <sys/types.h>
67*d48bb178SPedro Giffuni #include <sys/stat.h>
68*d48bb178SPedro Giffuni@@ -160,10 +161,19 @@
69*d48bb178SPedro Giffuni case 1: { achar = *piece; break; }
70*d48bb178SPedro Giffuni case 2: { if (*piece == 'Y') ff = XPRODUCT; break; }
71*d48bb178SPedro Giffuni case 3: { numents = atoi(piece);
72*d48bb178SPedro Giffuni- ptr = malloc(numents * sizeof(struct affent));
73*d48bb178SPedro Giffuni- ptr->achar = achar;
74*d48bb178SPedro Giffuni- ptr->xpflg
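Review bot: In the munch.c hunk `@@ -235,10 +235,19 @@` the new guard tests `numents < 0`, so a count of 0 (which is also what `atoi` returns for non-numeric text) still takes the `else` branch, where `malloc(0)` may return NULL or a zero-sized block and `ptr->achar = achar;` then writes through it. The `malloc` result is not checked for any count, so a large but in-range value that cannot be allocated ends in the same NULL dereference. The guard should read `if ((numents <= 0) ||`, as the affixmgr.cxx hunk does, and the stores need `if (ptr == NULL) { fprintf(stderr, "Error: out of memory\n"); numents = 0; break; }` in front of them. The rejection branch zeroes `numents` but leaves `ptr` unassigned; whether the code after the switch (outside the hunk) tolerates that should be confirmed. The unmunch.c hunk `@@ -160,10 +161,19 @@` is line-for-line the same and needs the same changes.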
= ff;
75*d48bb178SPedro Giffuni- fprintf(stderr,"parsing %c entries %d\n",achar,numents);
76*d48bb178SPedro Giffuni+ if ((numents < 0) ||
77*d48bb178SPedro Giffuni+ ((SIZE_MAX/sizeof(struct affent)) < numents))
78*d48bb178SPedro Giffuni+ {
79*d48bb178SPedro Giffuni+ fprintf(stderr,
80*d48bb178SPedro Giffuni+ "Error: too many entries: %d\n", numents);
81*d48bb178SPedro Giffuni+ numents = 0;
82*d48bb178SPedro Giffuni+ } else {
83*d48bb178SPedro Giffuni+ ptr = malloc(numents * sizeof(struct affent));
84*d48bb178SPedro Giffuni+ ptr->achar = achar;
85*d48bb178SPedro Giffuni+ ptr->xpflg = ff;
86*d48bb178SPedro Giffuni+ fprintf(stderr,"parsing %c entries %d\n",
87*d48bb178SPedro Giffuni+ achar,numents);
88*d48bb178SPedro Giffuni+ }
89*d48bb178SPedro Giffuni break;
90*d48bb178SPedro Giffuni }
91*d48bb178SPedro Giffuni default: break; 92