From: Florian Weimer <fweimer@redhat.com>
Date: Tue, 4 Feb 2014 00:48:01 +0000 (-0800)
Subject: yaml_stack_extend: guard against integer overflow
X-Git-Tag: upstream/0.2.2^2~9
X-Git-Url: http://andersk.mit.edu/gitweb/libyaml.git/commitdiff_plain/96a49a1d9c771b1f7f29e8021abbb49c59f9b9a7

yaml_stack_extend: guard against integer overflow
---

diff --git a/src/api.c b/src/api.c
index b0afd1f..e793b08 100644
--- a/src/api.c
+++ b/src/api.c
@@ -118,7 +118,12 @@ yaml_string_join(
 YAML_DECLARE(int)
 yaml_stack_extend(void **start, void **top, void **end)
 {
-    void *new_start = yaml_realloc(*start, ((char *)*end - (char *)*start)*2);
+    void *new_start;
+
+    if ((char *)*end - (char *)*start >= INT_MAX / 2)
+	return 0;
+
+    new_start = yaml_realloc(*start, ((char *)*end - (char *)*start)*2);
 
     if (!new_start) return 0;