From a8826c6e63d47c7ad12e52f4cdb628968bf95e68 Mon Sep 17 00:00:00 2001
From: Jim Meyering <jim@meyering.net>
Date: Mon, 7 Feb 2005 16:49:58 +0000
Subject: (vasnprintf) [!USE_SNPRINTF]: Correct the test for integer overflow.

---
 lib/vasnprintf.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'lib')

diff --git a/lib/vasnprintf.c b/lib/vasnprintf.c
index d49bc559e..c4c166467 100644
--- a/lib/vasnprintf.c
+++ b/lib/vasnprintf.c
@@ -1,5 +1,5 @@
 /* vsprintf with automatic memory allocation.
-   Copyright (C) 1999, 2002-2004 Free Software Foundation, Inc.
+   Copyright (C) 1999, 2002-2005 Free Software Foundation, Inc.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -294,9 +294,10 @@ VASNPRINTF (CHAR_T *resultbuf, size_t *lengthp, const CHAR_T *format, va_list ar
 
 			  do
 			    {
-			      if (SIZE_MAX / 10 <= width)
+			      size_t w_tmp = width * 10 + (*digitp++ - '0');
+			      if (SIZE_MAX / 10 <= width || w_tmp < width)
 				goto out_of_memory;
-			      width = width * 10 + (*digitp++ - '0');
+			      width = w_tmp;
 			    }
 			  while (digitp != dp->width_end);
 			}
-- 
cgit v1.2.3-70-g09d2