storm/w3m
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Prevent unintentional integer overflow in Strcat_charp_n

Browse Source 
Bug-Chromium: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31500
This commit is contained in:
Tatsuya Kinoshita
2021-02-28 14:17:09 +09:00
parent f37f074cdf
commit dcbdb679aa
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Str.c
View File

@@ -212,7 +212,7 @@ Strcat_charp_n(Str x, const char *y, int n)
}
if (x->area_size < newlen) {
char *old = x->ptr;
newlen = newlen * 3 / 2;
newlen += newlen / 2;
if (newlen < 0 || newlen > STR_SIZE_MAX)
newlen = STR_SIZE_MAX;
x->ptr = GC_MALLOC_ATOMIC(newlen);