# HG changeset patch
# User Loïc Guilloux
# Date 2023-05-20 14:43:22
# Node ID 3e6635e1d04284195d9b1a47bf4660b275ec6e0e
# Parent 4589576d493beab4c8b9e8723284744e56d9a278
Fix #10846: [Squirrel] Ensure sqvector size does not overflow (#10848)

diff --git a/src/3rdparty/squirrel/squirrel/squtils.h b/src/3rdparty/squirrel/squirrel/squtils.h
--- a/src/3rdparty/squirrel/squirrel/squtils.h
+++ b/src/3rdparty/squirrel/squirrel/squtils.h
@@ -2,6 +2,9 @@
 #ifndef _SQUTILS_H_
 #define _SQUTILS_H_
 
+#include "../../fmt/format.h"
+#include "../../../script/script_fatalerror.hpp"
+
 void *sq_vm_malloc(SQUnsignedInteger size);
 void *sq_vm_realloc(void *p,SQUnsignedInteger oldsize,SQUnsignedInteger size);
 void sq_vm_free(void *p,SQUnsignedInteger size);
@@ -102,6 +105,10 @@ private:
 void _realloc(SQUnsignedInteger newsize)
 {
 newsize = (newsize > 0)?newsize:4;
+ if (newsize > SIZE_MAX / sizeof(T)) {
+ std::string msg = fmt::format("cannot resize to {}", newsize);
+ throw Script_FatalError(msg);
+ }
 _vals = (T*)SQ_REALLOC(_vals, _allocated * sizeof(T), newsize * sizeof(T));
 _allocated = (size_t)newsize;
 }
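Review bot: The include block added at the top of `squtils.h` does not name the standard headers that the new check depends on: `SIZE_MAX` comes from `<cstdint>` and `std::string` from `<string>`, and both presumably arrive only transitively through `fmt/format.h`. Adding `#include <cstdint>` and `#include <string>` next to the two new includes would keep the overflow guard compiling if the fmt header changes. A one-line comment such as `/* Needed for the size check in sqvector::_realloc. */` above the new includes would also explain why a vendored Squirrel header now pulls in `script_fatalerror.hpp` from the game tree.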
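Review bot: The new guard in `_realloc` only rejects a `newsize` whose byte count `newsize * sizeof(T)` would wrap. Any arithmetic that produces `newsize` in the callers (the growth and resize paths, not visible in this hunk) could still wrap to a small value before reaching this check and would pass it, so those call sites are worth confirming as bounded too. A very large but non-wrapping request also still reaches `SQ_REALLOC`, whose result is assigned to `_vals` with no null check visible here. A short comment would record the intent, e.g. `/* Reject sizes whose byte count newsize * sizeof(T) would wrap around size_t. */`, and the temporary can be dropped with `throw Script_FatalError(fmt::format("cannot resize to {}", newsize));`. The class enclosing `_realloc` starts and ends outside the hunk.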