diff options
author | Tatsuya Kinoshita <tats@debian.org> | 2021-02-28 04:50:04 +0000 |
---|---|---|
committer | Tatsuya Kinoshita <tats@debian.org> | 2021-02-28 07:16:06 +0000 |
commit | f37f074cdff6ec2dc722c5355b4cb9115b70fc20 (patch) | |
tree | ab03866472e11c8c89a810117eebe71934e50d01 | |
parent | Update ChangeLog (diff) | |
download | w3m-f37f074cdff6ec2dc722c5355b4cb9115b70fc20.tar.gz w3m-f37f074cdff6ec2dc722c5355b4cb9115b70fc20.zip |
Prevent unintentional integer overflow in Strgrow
Bug-Chromium: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31467
-rw-r--r-- | Str.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -256,7 +256,7 @@ Strgrow(Str x) { char *old = x->ptr; int newlen; - newlen = x->area_size * 6 / 5; + newlen = x->area_size + x->area_size / 5; if (newlen == x->area_size) newlen += 2; if (newlen < 0 || newlen > STR_SIZE_MAX) { |