Change several int variables to size_t, ssize_t, or ptrdiff_t.

This should fix the bug described in CVE-2012-5667 when an input
line is so long that its length cannot be stored in an int
variable.

This change to NetBSD's version of GNU grep 2.5.1 (licenced under
GPLv2) was made without direct reference to any code licenced
under GPLv3.

Thanks to Ignatios Souvatzis for looking at GPLv3-derived
patches and describing the problem in general terms.  Thanks to
pkgsrc/devel/coccinelle for helping me find places where int
variables were used to store the results from pointer arithmetic
or strlen().  Thanks to Martin Husemann for testing.

gnu/dist/grep/lib/getopt.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: getopt.c,v 1.1.1.1 2003/01/26 23:15:12 wiz Exp $	*/
+/*	$NetBSD: getopt.c,v 1.2 2013/01/05 09:40:15 apb Exp $	*/
 
 /* Getopt for GNU.
    NOTE: The canonical source of this file is maintained with the GNU
@@ -431,7 +431,7 @@ _getopt_initialize (argc, argv, optstring)
 	  else
 	    {
 	      const char *orig_str = __getopt_nonoption_flags;
-	      int len = nonoption_flags_max_len = strlen (orig_str);
+	      size_t len = nonoption_flags_max_len = strlen (orig_str);
 	      if (nonoption_flags_max_len < argc)
 		nonoption_flags_max_len = argc;
 	      __getopt_nonoption_flags =

gnu/dist/grep/lib/regex.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: regex.c,v 1.1.1.1 2003/01/26 23:15:13 wiz Exp $	*/
+/*	$NetBSD: regex.c,v 1.2 2013/01/05 09:40:15 apb Exp $	*/
 
 /* Extended regular expression matching and search library,
    version 0.12.
@@ -1127,7 +1127,7 @@ print_double_string (where, string1, size1, string2, size2)
     int size1;
     int size2;
 {
-  int this_char;
+  ptrdiff_t this_char;
 
   if (where == NULL)
     printf ("(null)");

gnu/dist/grep/src/ansi2knr.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: ansi2knr.c,v 1.1.1.1 2003/01/26 23:15:29 wiz Exp $	*/
+/*	$NetBSD: ansi2knr.c,v 1.2 2013/01/05 09:40:16 apb Exp $	*/
 
 /* Copyright (C) 1989, 1997, 1998, 1999 Aladdin Enterprises.  All rights reserved. */
 
@@ -461,7 +461,7 @@ test1(buf)
 	   }
 	   {
 	       char *id = p;
-	       int len;
+	       ptrdiff_t len;
 	       /*
 		* Check for identifier1(identifier2) and not
 		* identifier1(void), or identifier1(identifier2, xxxx).

gnu/dist/grep/src/dfa.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: dfa.c,v 1.2 2003/01/26 23:55:52 wiz Exp $	*/
+/*	$NetBSD: dfa.c,v 1.3 2013/01/05 09:40:16 apb Exp $	*/
 
 /* dfa.c - deterministic extended regexp routines for GNU
    Copyright 1988, 1998, 2000 Free Software Foundation, Inc.
@@ -334,9 +334,10 @@ static int hard_LC_COLLATE;	/* Nonzero if LC_COLLATE is hard.  */
 #ifdef MBS_SUPPORT
 /* These variables are used only if (MB_CUR_MAX > 1).  */
 static mbstate_t mbs;		/* Mbstate for mbrlen().  */
-static int cur_mb_len;		/* Byte length of the current scanning
+static ssize_t cur_mb_len;	/* Byte length of the current scanning
-				   multibyte character.  */
+				   multibyte character.  Must also handle
-static int cur_mb_index;        /* Byte index of the current scanning multibyte
+				   negative result from mbrlen().  */
+static ssize_t cur_mb_index;    /* Byte index of the current scanning multibyte
                                    character.
 
 				   singlebyte character : cur_mb_index = 0
@@ -369,7 +370,7 @@ static unsigned char const *buf_end;	/* refference to end in dfaexec().  */
 /* This function update cur_mb_len, and cur_mb_index.
    p points current lexptr, len is the remaining buffer length.  */
 static void
-update_mb_len_index (unsigned char const *p, int len)
+update_mb_len_index (unsigned char const *p, size_t len)
 {
   /* If last character is a part of a multibyte character,
      we update cur_mb_index.  */
@@ -2465,7 +2466,7 @@ match_mb_charset (struct dfa *d, int s, position pos, int index)
   int match;		/* Flag which represent that matching succeed.  */
   int match_len;	/* Length of the character (or collating element)
 			   with which this operator match.  */
-  int op_len;		/* Length of the operator.  */
+  size_t op_len;	/* Length of the operator.  */
   char buffer[128];
   wchar_t wcbuf[6];
 

gnu/dist/grep/src/grep.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: grep.c,v 1.13 2010/09/28 00:54:04 dholland Exp $	*/
+/*	$NetBSD: grep.c,v 1.14 2013/01/05 09:40:16 apb Exp $	*/
 
 /* grep.c - main driver file for grep.
    Copyright 1992, 1997-1999, 2000 Free Software Foundation, Inc.
@@ -1286,9 +1286,9 @@ int
 main (int argc, char **argv)
 {
   char *keys;
-  size_t keycc, oldcc, keyalloc;
+  size_t cc, keycc, oldcc, keyalloc;
   int with_filenames;
-  int opt, cc, status;
+  int opt, status;
   int default_context;
   FILE *fp;
   extern char *optarg;

gnu/dist/grep/src/search.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: search.c,v 1.3 2008/08/01 15:24:35 christos Exp $	*/
+/*	$NetBSD: search.c,v 1.4 2013/01/05 09:40:16 apb Exp $	*/
 
 /* search.c - searching subroutines using dfa, kwset and regex for grep.
    Copyright 1992, 1998, 2000 Free Software Foundation, Inc.
@@ -153,7 +153,7 @@ check_multibyte_string(char const *buf, size_t size)
 {
   char *mb_properties = malloc(size);
   mbstate_t cur_state;
-  int i;
+  size_t i;
   memset(&cur_state, 0, sizeof(mbstate_t));
   memset(mb_properties, 0, sizeof(char)*size);
   for (i = 0; i < size ;)
@@ -339,7 +339,8 @@ EGexecute (char const *buf, size_t size, size_t *match_size, int exact)
 {
   register char const *buflim, *beg, *end;
   char eol = eolbyte;
-  int backref, start, len;
+  int backref;
+  ptrdiff_t start, len;
   struct kwsmatch kwsm;
   size_t i;
 #ifdef MBS_SUPPORT