From: Explorer09 <explorer09@gmail.com>
Date: Fri, 13 Oct 2017 08:59:26 +0000 (+0800)
Subject: scanner: prevent overflow in add_action()
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=23882383d45dcd37b5177835c873f4e1d9582db1;p=flex

scanner: prevent overflow in add_action()
---

diff --git a/src/misc.c b/src/misc.c
index fa33a5b..745e6a8 100644
--- a/src/misc.c
+++ b/src/misc.c
@@ -116,15 +116,14 @@ void add_action (const char *new_text)
 	int     len = (int) strlen (new_text);
 
 	while (len + action_index >= action_size - 10 /* slop */ ) {
-		int     new_size = action_size * 2;
 
-		if (new_size <= 0)
+		if (action_size > INT_MAX / 2)
 			/* Increase just a little, to try to avoid overflow
 			 * on 16-bit machines.
 			 */
 			action_size += action_size / 8;
 		else
-			action_size = new_size;
+			action_size = action_size * 2;
 
 		action_array =
 			reallocate_character_array (action_array,