Prevent unintentional integer overflow in Strgrow

Bug-Chromium: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31467
2021-02-28 13:50:04 +09:00
parent 1c6819f329
commit f37f074cdf
1 changed files with 1 additions and 1 deletions
--- a/Str.c
+++ b/Str.c
@@ -256,7 +256,7 @@ Strgrow(Str x)
 {
    char *old = x->ptr;
    int newlen;
-    newlen = x->area_size * 6 / 5;
+    newlen = x->area_size + x->area_size / 5;
    if (newlen == x->area_size)
 	newlen += 2;
    if (newlen < 0 || newlen > STR_SIZE_MAX) {