diff options
author | Tatsuya Kinoshita <tats@debian.org> | 2021-02-28 05:17:09 +0000 |
---|---|---|
committer | Tatsuya Kinoshita <tats@debian.org> | 2021-02-28 07:16:08 +0000 |
commit | dcbdb679aa8d5f49a6d9793a70c1d4860bfa2acf (patch) | |
tree | fa7a3c9b2cc17bdce13674395aafd403162b778c | |
parent | Prevent unintentional integer overflow in Strgrow (diff) | |
download | w3m-dcbdb679aa8d5f49a6d9793a70c1d4860bfa2acf.tar.gz w3m-dcbdb679aa8d5f49a6d9793a70c1d4860bfa2acf.zip |
Prevent unintentional integer overflow in Strcat_charp_n
Bug-Chromium: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31500
Diffstat (limited to '')
-rw-r--r-- | Str.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -212,7 +212,7 @@ Strcat_charp_n(Str x, const char *y, int n) } if (x->area_size < newlen) { char *old = x->ptr; - newlen = newlen * 3 / 2; + newlen += newlen / 2; if (newlen < 0 || newlen > STR_SIZE_MAX) newlen = STR_SIZE_MAX; x->ptr = GC_MALLOC_ATOMIC(newlen); |