From dcbdb679aa8d5f49a6d9793a70c1d4860bfa2acf Mon Sep 17 00:00:00 2001
From: Tatsuya Kinoshita
Date: Sun, 28 Feb 2021 14:17:09 +0900
Subject: Prevent unintentional integer overflow in Strcat_charp_n

Bug-Chromium: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31500
---
 Str.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'Str.c')

diff --git a/Str.c b/Str.c
index 4345168..aa47dc6 100644
--- a/Str.c
+++ b/Str.c
@@ -212,7 +212,7 @@ Strcat_charp_n(Str x, const char *y, int n)
 }
 if (x->area_size < newlen) {
 char *old = x->ptr;
- newlen = newlen * 3 / 2;
+ newlen += newlen / 2;
 if (newlen < 0 || newlen > STR_SIZE_MAX)
 newlen = STR_SIZE_MAX;
 x->ptr = GC_MALLOC_ATOMIC(newlen);
-- cgit v1.2.3
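Review bot: The `newlen < 0` test that follows `newlen += newlen / 2;` still detects an overflow only after the signed addition has been performed, and signed overflow is undefined behaviour that a compiler may assume never happens and so drop the test. The new form raises the threshold at which the growth step overflows but does not remove it; whether `newlen` can actually get that large depends on the clamping done before this hunk and on the value of `STR_SIZE_MAX`, neither of which is visible here (the function body starts and ends outside the hunk). Checking before growing avoids relying on wraparound: `if (newlen > STR_SIZE_MAX - newlen / 2) newlen = STR_SIZE_MAX; else newlen += newlen / 2;`. A short comment such as `/* grow by 1.5x, saturating at STR_SIZE_MAX */` would also record why the multiplication was replaced.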