From ff5dba831910c91e293220b652be868e9cfdc8e1 Mon Sep 17 00:00:00 2001
From: Yusuke Endoh <mame@ruby-lang.org>
Date: Tue, 8 Nov 2022 18:09:57 +0900
Subject: Return ONIGERR_MEMORY if it fails to allocate memory for
 cache_match_opt

---
 regexec.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

(limited to 'regexec.c')

diff --git a/regexec.c b/regexec.c
index 0bd4c8a96c..acf03f2501 100644
--- a/regexec.c
+++ b/regexec.c
@@ -3833,20 +3833,22 @@ match_at(regex_t* reg, const UChar* str, const UChar* end,
 	if (msa->cache_index_table == NULL) {
 	  OnigCacheIndex *table = (OnigCacheIndex *)xmalloc(table_size * sizeof(OnigCacheIndex));
 	  if (table == NULL) {
-	    msa->enable_cache_match_opt = 0;
-	    goto fail_match_cache_opt;
+	    return ONIGERR_MEMORY;
 	  }
 	  init_cache_index_table(reg, table);
 	  msa->cache_index_table = table;
 	  msa->num_cache_table = table_size;
 	}
-	// TODO: check arithemetic overflow.
-	int match_cache_size8 = msa->num_cache_opcode * ((int)(end - str) + 1);
-	int match_cache_size = (match_cache_size8 >> 3) + (match_cache_size8 & 7 ? 1 : 0);
+	size_t len = (end - str) + 1;
+	size_t match_cache_size8 = (size_t)msa->num_cache_opcode * len;
+	/* overflow check */
+	if (match_cache_size8 / len != (size_t)msa->num_cache_opcode) {
+	  return ONIGERR_MEMORY;
+	}
+	size_t match_cache_size = (match_cache_size8 >> 3) + (match_cache_size8 & 7 ? 1 : 0);
 	msa->match_cache = (uint8_t*)xmalloc(match_cache_size * sizeof(uint8_t));
 	if (msa->match_cache == NULL) {
-	  msa->enable_cache_match_opt = 0;
-	  goto fail_match_cache_opt;
+	  return ONIGERR_MEMORY;
 	}
 	xmemset(msa->match_cache, 0, match_cache_size * sizeof(uint8_t));
       }
-- 
cgit v1.2.1