From 68c045361e7cce81c704ae76f604c98fe4ded8fe Mon Sep 17 00:00:00 2001
From: Jim Meyering <jim@meyering.net>
Date: Tue, 3 Nov 2009 18:55:21 +0100
Subject: [PATCH] hivex: fail upon integer overflow

* hivex/hivex.c (windows_utf16_to_utf8): Avoid overflow and a
potential infloop.
---
 hivex/hivex.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/hivex/hivex.c b/hivex/hivex.c
index 4fa3b30..ac46346 100644
--- a/hivex/hivex.c
+++ b/hivex/hivex.c
@@ -1033,9 +1033,12 @@ windows_utf16_to_utf8 (/* const */ char *input, size_t len)
   size_t r = iconv (ic, &inp, &inlen, &outp, &outlen);
   if (r == (size_t) -1) {
     if (errno == E2BIG) {
+      size_t prev = outalloc;
       /* Try again with a larger output buffer. */
       free (out);
       outalloc *= 2;
+      if (outalloc < prev)
+        return NULL;
       goto again;
     }
     else {
-- 
1.8.3.1