aboutsummaryrefslogtreecommitdiffstats
path: root/Str.c
diff options
context:
space:
mode:
authorTatsuya Kinoshita <tats@debian.org>2021-02-28 04:50:04 +0000
committerTatsuya Kinoshita <tats@debian.org>2021-02-28 07:28:01 +0000
commitb80ffae107f7a0e6854fc5e6e0c2385ea851e16f (patch)
tree255594d5bc156e1484fbde7595f3b8e0a709bd5d /Str.c
parentRevert "Fix OpenSSL default always overrides ssl_ca_file and ssl_ca_path" (diff)
downloadw3m-b80ffae107f7a0e6854fc5e6e0c2385ea851e16f.tar.gz
w3m-b80ffae107f7a0e6854fc5e6e0c2385ea851e16f.zip
Prevent unintentional integer overflow in Strgrow
Bug-Chromium: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31467
Diffstat (limited to 'Str.c')
-rw-r--r--Str.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/Str.c b/Str.c
index ab083d2..4345168 100644
--- a/Str.c
+++ b/Str.c
@@ -256,7 +256,7 @@ Strgrow(Str x)
{
char *old = x->ptr;
int newlen;
- newlen = x->area_size * 6 / 5;
+ newlen = x->area_size + x->area_size / 5;
if (newlen == x->area_size)
newlen += 2;
if (newlen < 0 || newlen > STR_SIZE_MAX) {