-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | transcode.c | 2 |
2 files changed, 5 insertions, 1 deletions
@@ -1,3 +1,7 @@
+Sat Sep 6 18:38:47 2008 Tanaka Akira <akr@fsij.org>
+
+ * transcode.c (allocate_converted_string): fix overflow condition.
+
 Sat Sep 6 15:06:21 2008 Tanaka Akira <akr@fsij.org>
 
 * transcode.c (sym_html): new variable.
diff --git a/transcode.c b/transcode.c
index cc3fc53c7a..ccb54dfff0 100644
--- a/transcode.c
+++ b/transcode.c
@@ -1445,7 +1445,7 @@ allocate_converted_string(const char *sname, const char *dname,
 res = rb_econv_convert(ec, &sp, str+len, &dp, dst_str+dst_bufsize, 0);
 dst_len = dp - dst_str;
 while (res == econv_destination_buffer_full) {
- if (dst_bufsize * 2 < dst_bufsize) {
+ if (SIZE_MAX/2 < dst_bufsize) {
 goto fail;
 }
 dst_bufsize *= 2; |
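Review bot: The new guard `if (SIZE_MAX/2 < dst_bufsize)` in the transcode.c hunk is a correct pre-check for `dst_bufsize *= 2` only if `dst_bufsize` is declared as `size_t` or another unsigned type of the same width; its declaration is outside this hunk, as is the rest of allocate_converted_string. If it is a narrower or signed type, the comparison happens after conversion to `size_t`, the bound can never be reached, and the doubling can still overflow before the destination buffer is grown, so the limit should be the maximum of the variable's own type. A short comment such as `/* test before doubling: a wrapped size would under-allocate the destination buffer */` would record why the check is written as a division. It is also worth confirming that `SIZE_MAX` is defined on every supported compiler, since no include or fallback is visible here.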