From 340c24e31f760e3ca38d2dcfb8a73b3ba2a8aad7 Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov
Date: Mon, 14 Mar 2016 11:50:15 +0000
Subject: [PATCH] [Fix] Fix memory allocation in fstring

---
 src/libutil/fstring.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/src/libutil/fstring.c b/src/libutil/fstring.c
index 87773bd94..dcec28895 100644
--- a/src/libutil/fstring.c
+++ b/src/libutil/fstring.c
@@ -66,7 +66,7 @@ rspamd_fstring_new_init (const gchar *init, gsize len)
 rspamd_fstring_t *
 rspamd_fstring_assign (rspamd_fstring_t *str, const gchar *init, gsize len)
 {
- gsize avail = str->allocated;
+ gsize avail = fstravail (str);

 if (avail < len) {
 str = rspamd_fstring_grow (str, len);
@@ -93,7 +93,7 @@ rspamd_fstring_grow (rspamd_fstring_t *str, gsize needed_len)
 gsize newlen;
 gpointer nptr;

- newlen = str->len + needed_len;
+ newlen = str->allocated;

 /*
 * Stop exponential grow at some point, since it might be slow for the
@@ -106,6 +106,20 @@ rspamd_fstring_grow (rspamd_fstring_t *str, gsize needed_len)
 newlen += max_grow;
 }

+ /*
+ * Check for overflow
+ */
+ if (newlen <= str->len + needed_len) {
+ newlen = str->len + needed_len;
+
+ if (newlen < max_grow) {
+ newlen *= 2;
+ }
+ else {
+ newlen += max_grow;
+ }
+ }
+
 nptr = realloc (str, newlen + sizeof (*str));

 if (nptr == NULL) {
-- 
2.39.5
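Review bot: In rspamd_fstring_assign the new `gsize avail = fstravail (str);` compares free space against `len`, although an assignment presumably overwrites the string from the start, so the capacity that matters would be `str->allocated`. Assuming `fstravail` is `allocated - len` (its definition is not part of this patch), the check stays safe but triggers a reallocation whenever the old content occupies more than the remainder, even if the buffer is already large enough. If the stricter test is intentional, a comment such as `/* compare free space: grow() sizes the request on top of str->len */` would record why. The function body continues outside the hunk, so the copy and the `str->len` update could not be checked.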
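Review bot: The block commented `Check for overflow` in rspamd_fstring_grow does not detect integer wraparound: `str->len + needed_len` is evaluated in `gsize` with no upper bound, and `newlen += max_grow` and `newlen + sizeof (*str)` in the `realloc` call can wrap the same way, so a very large `needed_len` could produce an allocation smaller than the caller goes on to fill. What the condition really tests is whether the size grown from `str->allocated` still fails to cover the request, so the comment would be more accurate as `/* Grown size does not cover the request: size from len + needed_len instead */`. A guard placed before any arithmetic, for example `if (needed_len > G_MAXSIZE - str->len - max_grow - sizeof (*str))` followed by the same failure handling as the `nptr == NULL` branch, would close the gap; whether callers can pass attacker-influenced lengths is not visible here. The two-branch growth policy is now written out twice in this function and could move into a small static helper; the function begins and ends outside the hunk.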