diff --git a/src/core/wee-string.c b/src/core/wee-string.c index 19a25b28b..5025958a1 100644 --- a/src/core/wee-string.c +++ b/src/core/wee-string.c @@ -26,6 +26,7 @@ #include #include #include +#include #include #include #include @@ -224,6 +225,10 @@ string_repeat (const char *string, int count) return strdup (string); length_string = strlen (string); + + if (count >= INT_MAX / length_string) + return NULL; + length_result = (length_string * count) + 1; result = malloc (length_result); if (!result) diff --git a/tests/unit/core/test-core-string.cpp b/tests/unit/core/test-core-string.cpp index 11ec19b4d..a1dda1af2 100644 --- a/tests/unit/core/test-core-string.cpp +++ b/tests/unit/core/test-core-string.cpp @@ -26,6 +26,7 @@ extern "C" #ifndef HAVE_CONFIG_H #define HAVE_CONFIG_H #endif +#include #include #include #include @@ -300,6 +301,8 @@ TEST(CoreString, Reverse) TEST(CoreString, Repeat) { POINTERS_EQUAL(NULL, string_repeat (NULL, 1)); + POINTERS_EQUAL(NULL, string_repeat ("----", INT_MAX / 4)); + STRCMP_EQUAL("", string_repeat ("", 1)); STRCMP_EQUAL("", string_repeat ("x", -1));