scanner: prevent overflow in add_action()

author Explorer09 <explorer09@gmail.com>

Fri, 13 Oct 2017 08:59:26 +0000 (16:59 +0800)

committer Will Estes <westes575@gmail.com>

Wed, 6 Dec 2017 21:23:25 +0000 (16:23 -0500)
author Explorer09 <explorer09@gmail.com>
Fri, 13 Oct 2017 08:59:26 +0000 (16:59 +0800)
committer Will Estes <westes575@gmail.com>
Wed, 6 Dec 2017 21:23:25 +0000 (16:23 -0500)
diff --git a/src/misc.c b/src/misc.c

index fa33a5bc6b6dd4981bc4fde042bc8732002f2374..745e6a8f30f9bac88b11f28e84caebbfc950db49 100644 (file)
--- a/src/misc.c
+++ b/src/misc.c
@@ -116,15 +116,14 @@ void add_action (const char *new_text)
         int     len = (int) strlen (new_text);
  
         while (len + action_index >= action_size - 10 /* slop */ ) {
-               int     new_size = action_size * 2;
  
-               if (new_size <= 0)
+               if (action_size > INT_MAX / 2)
                         /* Increase just a little, to try to avoid overflow
                          * on 16-bit machines.
                          */
                         action_size += action_size / 8;
                 else
-                       action_size = new_size;
+                       action_size = action_size * 2;
  
                 action_array =
                         reallocate_character_array (action_array,
author	Explorer09 <explorer09@gmail.com>
	Fri, 13 Oct 2017 08:59:26 +0000 (16:59 +0800)
committer	Will Estes <westes575@gmail.com>
	Wed, 6 Dec 2017 21:23:25 +0000 (16:23 -0500)