Prevent heap-buffer-overflow in Strnew_size()

Bug-Debian: https://github.com/tats/w3m/issues/72
2016-12-10 17:41:01 +09:00
parent f763b8ebf5
commit 4381dffaa3
1 changed files with 2 additions and 0 deletions
--- a/Str.c
+++ b/Str.c
@@ -48,6 +48,8 @@ Str
 Strnew_size(int n)
 {
    Str x = GC_MALLOC(sizeof(struct _Str));
+    if (n < 0)
+	n = 0;
    x->ptr = GC_MALLOC_ATOMIC(n + 1);
    x->ptr[0] = '\0';
    x->area_size = n + 1;