Prevent unintentional integer overflow in Strcat_charp_n
Bug-Chromium: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31500
This commit is contained in:
Tatsuya Kinoshita
2
Str.c
2
Str.c
@@ -212,7 +212,7 @@ Strcat_charp_n(Str x, const char *y, int n)
|
|||||||
}
|
}
|
||||||
if (x->area_size < newlen) {
|
if (x->area_size < newlen) {
|
||||||
char *old = x->ptr;
|
char *old = x->ptr;
|
||||||
newlen = newlen * 3 / 2;
|
newlen += newlen / 2;
|
||||||
if (newlen < 0 || newlen > STR_SIZE_MAX)
|
if (newlen < 0 || newlen > STR_SIZE_MAX)
|
||||||
newlen = STR_SIZE_MAX;
|
newlen = STR_SIZE_MAX;
|
||||||
x->ptr = GC_MALLOC_ATOMIC(newlen);
|
x->ptr = GC_MALLOC_ATOMIC(newlen);
|
||||||
|
|||||||
Reference in New Issue
Block a user