Prevent unintentional integer overflow in Strgrow

Bug-Chromium: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31467
author: Tatsuya Kinoshita <tats@debian.org> 2021-02-28 04:50:04 +0000
committer: Tatsuya Kinoshita <tats@debian.org> 2021-02-28 07:28:01 +0000
commit: b80ffae107f7a0e6854fc5e6e0c2385ea851e16f (patch)
tree: 255594d5bc156e1484fbde7595f3b8e0a709bd5d
parent: Revert "Fix OpenSSL default always overrides ssl_ca_file and ssl_ca_path" (diff)
download: w3m-b80ffae107f7a0e6854fc5e6e0c2385ea851e16f.tar.gz
w3m-b80ffae107f7a0e6854fc5e6e0c2385ea851e16f.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/Str.c b/Str.c
index ab083d2..4345168 100644
--- a/Str.c
+++ b/Str.c
@@ -256,7 +256,7 @@ Strgrow(Str x)
 {
     char *old = x->ptr;
     int newlen;
-    newlen = x->area_size * 6 / 5;
+    newlen = x->area_size + x->area_size / 5;
     if (newlen == x->area_size)
 	newlen += 2;
     if (newlen < 0 || newlen > STR_SIZE_MAX) {
author	Tatsuya Kinoshita <tats@debian.org>	2021-02-28 04:50:04 +0000
committer	Tatsuya Kinoshita <tats@debian.org>	2021-02-28 07:28:01 +0000
commit	b80ffae107f7a0e6854fc5e6e0c2385ea851e16f (patch)
tree	255594d5bc156e1484fbde7595f3b8e0a709bd5d
parent	Revert "Fix OpenSSL default always overrides ssl_ca_file and ssl_ca_path" (diff)
download	w3m-b80ffae107f7a0e6854fc5e6e0c2385ea851e16f.tar.gz w3m-b80ffae107f7a0e6854fc5e6e0c2385ea851e16f.zip