From 21a635fb7abe4e66830d38c27509f81d81afe1be Mon Sep 17 00:00:00 2001
From: Eric Fischer
Date: Mon, 28 Mar 2016 12:00:55 -0700
Subject: [PATCH] Check for string length overflow

---
 jsonpull.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/jsonpull.c b/jsonpull.c
index cfbe3cf..869e913 100644
--- a/jsonpull.c
+++ b/jsonpull.c
@@ -212,7 +212,12 @@ static void string_init(struct string *s) {
 static void string_append(struct string *s, char c) {
 if (s->n + 2 >= s->nalloc) {
+ size_t prev = s->nalloc;
 s->nalloc += 500;
+ if (s->nalloc <= prev) {
+ fprintf(stderr, "String size overflowed\n");
+ exit(EXIT_FAILURE);
+ }
 s->buf = realloc(s->buf, s->nalloc);
 if (s->buf == NULL) {
 perror("Out of memory");
@@ -228,7 +233,12 @@ static void string_append_string(struct string *s, char *add) {
 size_t len = strlen(add);
 if (s->n + len + 1 >= s->nalloc) {
+ size_t prev = s->nalloc;
 s->nalloc += 500 + len;
+ if (s->nalloc <= prev) {
+ fprintf(stderr, "String size overflowed\n");
+ exit(EXIT_FAILURE);
+ }
 s->buf = realloc(s->buf, s->nalloc);
 if (s->buf == NULL) {
 perror("Out of memory");
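Review bot: The new `if (s->nalloc <= prev)` guard in string_append only covers the `s->nalloc += 500` step, but the decision to grow is taken one line earlier by `if (s->n + 2 >= s->nalloc)`, which does the same unchecked size_t addition; a sum that wraps there never reaches the guard, the growth is skipped, and the append that presumably follows (outside the hunk) writes past `buf`. The string_append_string hunk has the same shape with `s->n + len + 1`, and there `500 + len` (with `len` from `strlen(add)`) can also wrap before the guard inspects the result; for string_append the wrap needs `s->n` within two of SIZE_MAX, so the concern is mostly theoretical, while the `len`-driven variant is the one worth closing. Both hunks also repeat the same five-line grow-and-check sequence, so a shared helper that compares headroom (`s->nalloc - s->n`) instead of sums and validates the additions before performing them would fix both gaps at once and keep the two paths consistent; it assumes `s->n < s->nalloc` holds after string_init (outside the hunk), and SIZE_MAX needs `<stdint.h>` if the file does not already include it. Both functions continue past the end of their hunks.

```c
/* Ensure at least `need` bytes fit after s->n; exits on overflow or OOM. */
static void string_reserve(struct string *s, size_t need) {
	if (need < s->nalloc - s->n) {	/* headroom check: no sum, so no wrap (assumes n < nalloc) */
		return;
	}
	if (need > SIZE_MAX - 500 || s->nalloc > SIZE_MAX - (500 + need)) {
		fprintf(stderr, "String size overflowed\n");
		exit(EXIT_FAILURE);
	}
	s->nalloc += 500 + need;
	/* … unchanged: realloc and "Out of memory" handling … */
}

/* call sites: string_reserve(s, 2) in string_append, string_reserve(s, len + 1) in string_append_string */
```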