blob: ab6fd8b1adeab8ddf65f36dfde0df9b1d63b43a9 (
plain) (
tree)
|
|
Subject: Prevent unintentional integer overflow in libwc
Author: Tatsuya Kinoshita <tats@debian.org>
diff --git a/libwc/utf7.c b/libwc/utf7.c
index 44a3330..874bc3d 100644
--- a/libwc/utf7.c
+++ b/libwc/utf7.c
@@ -73,7 +73,7 @@ wc_conv_from_utf7(Str is, wc_ces ces)
;
if (p == ep)
return is;
- os = Strnew_size(is->length * 4 / 3);
+ os = Strnew_size(is->length + is->length / 3);
if (p > sp)
Strcat_charp_n(os, is->ptr, (int)(p - sp));
diff --git a/libwc/utf8.c b/libwc/utf8.c
index e523139..c878499 100644
--- a/libwc/utf8.c
+++ b/libwc/utf8.c
@@ -150,7 +150,7 @@ wc_conv_from_utf8(Str is, wc_ces ces)
;
if (p == ep)
return is;
- os = Strnew_size(is->length * 4 / 3);
+ os = Strnew_size(is->length + is->length / 3);
if (p > sp)
Strcat_charp_n(os, is->ptr, (int)(p - sp));
|