From f37f074cdff6ec2dc722c5355b4cb9115b70fc20 Mon Sep 17 00:00:00 2001
From: Tatsuya Kinoshita
Date: Sun, 28 Feb 2021 13:50:04 +0900
Subject: Prevent unintentional integer overflow in Strgrow
Bug-Chromium: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31467
---
 Str.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 (limited to 'Str.c')
diff --git a/Str.c b/Str.c
index ab083d2..4345168 100644
--- a/Str.c
+++ b/Str.c
@@ -256,7 +256,7 @@ Strgrow(Str x)
 {
 char *old = x->ptr;
 int newlen;
- newlen = x->area_size * 6 / 5;
+ newlen = x->area_size + x->area_size / 5;
 if (newlen == x->area_size)
 newlen += 2;
 if (newlen < 0 || newlen > STR_SIZE_MAX) {
--
cgit v1.2.3
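Review bot: The new expression `x->area_size + x->area_size / 5` still overflows `int` once `area_size` exceeds roughly five sixths of INT_MAX, and the `newlen < 0` test that follows only catches it by relying on signed wraparound, which is undefined behaviour in C and may be optimised away. Whether that range is reachable depends on how STR_SIZE_MAX and the callers bound `area_size`, which this hunk does not show. If the bound holds, record it next to the assignment, e.g. `/* area_size <= STR_SIZE_MAX, so area_size + area_size / 5 cannot overflow int */`. If it does not, test before the arithmetic with `if (x->area_size > STR_SIZE_MAX - x->area_size / 5)` and take the clamping path directly. The body of Strgrow, including that clamping branch, continues past the end of the hunk.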