commit d5cec1f1f055316c353cfa15ad8d5eb0952d50a0
author =?UTF-8?q?Dundar=20G=C3=B6c?= <gocdundar@gmail.com> Sat Jan 29 15:19:23 2022 +0000
committer Bram Moolenaar <Bram@vim.org> Sat Jan 29 15:19:23 2022 +0000
tree 94d3ad44783e3442be7293edb3d5890ac08f0377
parent f12b7815f6b55c3e2f37366aa45e723b1fcb2e9a

patch 8.2.4255: theoretical computation overflow

Problem:    Theoretical computation overflow.
Solution:   Perform multiplication in a wider type. (closes #9657)

src/alloc.c

diff --git a/src/alloc.c b/src/alloc.c
index 47a099f..19f8fcd 100644
--- a/src/alloc.c
+++ b/src/alloc.c
@@ -737,11 +737,11 @@
     if (n < gap->ga_len / 2)
 	n = gap->ga_len / 2;
 
-    new_len = gap->ga_itemsize * (gap->ga_len + n);
+    new_len = (size_t)gap->ga_itemsize * (gap->ga_len + n);
     pp = vim_realloc(gap->ga_data, new_len);
     if (pp == NULL)
 	return FAIL;
-    old_len = gap->ga_itemsize * gap->ga_maxlen;
+    old_len = (size_t)gap->ga_itemsize * gap->ga_maxlen;
     vim_memset(pp + old_len, 0, new_len - old_len);
     gap->ga_maxlen = gap->ga_len + n;
     gap->ga_data = pp;