From c706f2a34d1216c9b22aad4265317f92f3189cec Mon Sep 17 00:00:00 2001
From: Ulrich Drepper <drepper@redhat.com>
Date: Thu, 25 Sep 2003 05:34:28 +0000
Subject: (__argp_fmtstream_ensure): Check for size_t overflow when
 reallocating storage.

---
 argp/argp-fmtstream.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'argp')

diff --git a/argp/argp-fmtstream.c b/argp/argp-fmtstream.c
index d06ea8453b..215160bdcd 100644
--- a/argp/argp-fmtstream.c
+++ b/argp/argp-fmtstream.c
@@ -385,10 +385,11 @@ __argp_fmtstream_ensure (struct argp_fmtstream *fs, size_t amount)
       if ((size_t) (fs->end - fs->buf) < amount)
 	/* Gotta grow the buffer.  */
 	{
-	  size_t new_size = fs->end - fs->buf + amount;
-	  char *new_buf = realloc (fs->buf, new_size);
+	  size_t old_size = fs->end - fs->buf;
+	  size_t new_size = old_size + amount;
+	  char *new_buf;
 
-	  if (! new_buf)
+	  if (new_size < old_size || ! (new_buf = realloc (fs->buf, new_size)))
 	    {
 	      __set_errno (ENOMEM);
 	      return 0;
-- 
cgit 1.4.1