authorTatsuya Kinoshita <tats@debian.org>2021-02-28 04:50:04 +0000
committerTatsuya Kinoshita <tats@debian.org>2021-02-28 07:16:06 +0000
commitf37f074cdff6ec2dc722c5355b4cb9115b70fc20 (patch)
treeab03866472e11c8c89a810117eebe71934e50d01
parentUpdate ChangeLog (diff)
Prevent unintentional integer overflow in Strgrow
Bug-Chromium: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31467
-rw-r--r--Str.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/Str.c b/Str.c
index ab083d2..4345168 100644
--- a/Str.c
+++ b/Str.c
@@ -256,7 +256,7 @@ Strgrow(Str x)
{
char *old = x->ptr;
int newlen;
- newlen = x->area_size * 6 / 5;
+ newlen = x->area_size + x->area_size / 5;
if (newlen == x->area_size)
newlen += 2;
if (newlen < 0 || newlen > STR_SIZE_MAX) {
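Review bot: The `newlen < 0` test on the last visible line still detects overflow only after the signed addition `x->area_size + x->area_size / 5` has been evaluated, and signed overflow is undefined behaviour in C, so a compiler may drop that test. The new expression is safe only if `area_size` is already bounded elsewhere (presumably by STR_SIZE_MAX, whose value is not visible here). Checking before the arithmetic removes that dependency, e.g. `if (x->area_size < 0 || x->area_size > STR_SIZE_MAX - x->area_size / 5)` ahead of the assignment, taking the same error path. A short comment such as `/* grow by 20%; a + a/5 avoids the a * 6 intermediate that overflowed int */` would also keep the expression from being simplified back. Strgrow's body continues past the end of the hunk, so the error branch itself is not visible.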