1*67076910SArmin Le Grand--- misc/mythes-1.2.0/mythes.cxx 2010-02-27 16:52:52.000000000 +0100 2*67076910SArmin Le Grand+++ misc/build/mythes-1.2.0/mythes.cxx 2011-05-18 16:22:49.125014204 +0200 3*67076910SArmin Le Grand@@ -4,6 +4,8 @@ 4*67076910SArmin Le Grand #include <stdlib.h> 5*67076910SArmin Le Grand #include <errno.h> 6*67076910SArmin Le Grand 7*67076910SArmin Le Grand+#include <limits> 8*67076910SArmin Le Grand+ 9*67076910SArmin Le Grand #include "mythes.hxx" 10*67076910SArmin Le Grand 11*67076910SArmin Le Grand // some basic utility routines 12*67076910SArmin Le Grand@@ -204,6 +206,12 @@ 13*67076910SArmin Le Grand return 0; 14*67076910SArmin Le Grand } 15*67076910SArmin Le Grand int nmeanings = atoi(buf+np+1); 16*67076910SArmin Le Grand+ if ((nmeanings < 0) || 17*67076910SArmin Le Grand+ ((::std::numeric_limits<size_t>::max() / sizeof(mentry)) < nmeanings)) 18*67076910SArmin Le Grand+ { 19*67076910SArmin Le Grand+ free(buf); 20*67076910SArmin Le Grand+ return 0; 21*67076910SArmin Le Grand+ } 22*67076910SArmin Le Grand *pme = (mentry*) malloc( nmeanings * sizeof(mentry) ); 23*67076910SArmin Le Grand if (!(*pme)) { 24*67076910SArmin Le Grand free(buf); 25