From 79f534ffdf6446412b04a023435eb5de15c2d1f3 Mon Sep 17 00:00:00 2001
From: leitner
Date: Thu, 9 Apr 2015 18:23:23 +0000
Subject: [PATCH] SECURITY: fix botched integer overflow handling logic in stralloc_ready (Giorgio)
---
 CHANGES | 1 +
 stralloc/stralloc_ready.c | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/CHANGES b/CHANGES
index 0741e83..96c3f31 100644
--- a/CHANGES
+++ b/CHANGES
@@ -28,6 +28,7 @@ zero length buffer if SOCK_NONBLOCK is defined, use it instead of socket+fcntl ... but if errno==EINVAL still fall back to socket+fcntl (Robert Henney)
+ SECURITY: fix botched integer overflow handling logic in stralloc_ready (Giorgio)
 0.29: save 8 bytes in taia.h for 64-bit systems
diff --git a/stralloc/stralloc_ready.c b/stralloc/stralloc_ready.c
index dee19b5..3ea3ba3 100644
--- a/stralloc/stralloc_ready.c
+++ b/stralloc/stralloc_ready.c
@@ -9,7 +9,8 @@ * old space, and returns 1. Note that this changes sa.s. */
 int stralloc_ready(stralloc *sa,size_t len) {
 register size_t wanted=len+(len>>3)+30; /* heuristic from djb */
- if (wanteds || sa->as || sa->as,wanted))) return 0;