Prevent unintentional integer overflow in Strcat_charp_n

Bug-Chromium: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31500
author: Tatsuya Kinoshita <tats@debian.org> 2021-02-28 05:17:09 +0000
committer: Tatsuya Kinoshita <tats@debian.org> 2021-02-28 07:16:08 +0000
commit: dcbdb679aa8d5f49a6d9793a70c1d4860bfa2acf (patch)
tree: fa7a3c9b2cc17bdce13674395aafd403162b778c /Str.c
parent: Prevent unintentional integer overflow in Strgrow (diff)
download: w3m-dcbdb679aa8d5f49a6d9793a70c1d4860bfa2acf.tar.gz
w3m-dcbdb679aa8d5f49a6d9793a70c1d4860bfa2acf.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/Str.c b/Str.c
index 4345168..aa47dc6 100644
--- a/Str.c
+++ b/Str.c
@@ -212,7 +212,7 @@ Strcat_charp_n(Str x, const char *y, int n)
     }
     if (x->area_size < newlen) {
 	char *old = x->ptr;
-	newlen = newlen * 3 / 2;
+	newlen += newlen / 2;
 	if (newlen < 0 || newlen > STR_SIZE_MAX)
 	    newlen = STR_SIZE_MAX;
 	x->ptr = GC_MALLOC_ATOMIC(newlen);
author	Tatsuya Kinoshita <tats@debian.org>	2021-02-28 05:17:09 +0000
committer	Tatsuya Kinoshita <tats@debian.org>	2021-02-28 07:16:08 +0000
commit	dcbdb679aa8d5f49a6d9793a70c1d4860bfa2acf (patch)
tree	fa7a3c9b2cc17bdce13674395aafd403162b778c /Str.c
parent	Prevent unintentional integer overflow in Strgrow (diff)
download	w3m-dcbdb679aa8d5f49a6d9793a70c1d4860bfa2acf.tar.gz w3m-dcbdb679aa8d5f49a6d9793a70c1d4860bfa2acf.zip