--- src/funcs.c.orig 2007-06-18 18:14:50.000000000 -0700
+++ src/funcs.c 2007-06-18 18:38:36.000000000 -0700
@@ -26,6 +26,7 @@
*/
#include "file.h"
#include "magic.h"
+#include <limits.h>
#include <stdarg.h>
#include <stdlib.h>
#include <string.h>
@@ -177,6 +178,10 @@
if (ms->flags & MAGIC_RAW)
return ms->o.buf;
+ if (ms->o.len > (SIZE_T_MAX - 1) / 4) {
+ file_oomem(ms);
+ return NULL;
+ }
nsize = ms->o.len * 4 + 1;
if (ms->o.psize < nsize) {
if ((nbuf = realloc(ms->o.pbuf, nsize)) == NULL) {