From e425ef9cb39500687d83654a565c8abd203ff8ba Mon Sep 17 00:00:00 2001
From: Jeroen Ooms <jeroenooms@gmail.com>
Date: Thu, 26 Oct 2023 20:24:09 +0200
Subject: [PATCH] Apply Debian CVE-2022-24795.patch

---
 src/yajl/yajl_buf.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/yajl/yajl_buf.c b/src/yajl/yajl_buf.c
index 1aeafde..55c11ad 100644
--- a/src/yajl/yajl_buf.c
+++ b/src/yajl/yajl_buf.c
@@ -45,7 +45,17 @@ void yajl_buf_ensure_available(yajl_buf buf, size_t want)
 
     need = buf->len;
 
-    while (want >= (need - buf->used)) need <<= 1;
+    if (((buf->used > want) ? buf->used : want) > (size_t)(buf->used + want)) {
+        /* We cannot allocate more memory than SIZE_MAX. */
+        abort();
+    }
+    while (want >= (need - buf->used)) {
+        if (need >= (size_t)((size_t)(-1)<<1)>>1) {
+            /* need would overflow. */
+            abort();
+        }
+        need <<= 1;
+    }
 
     if (need != buf->len) {
         buf->data = (unsigned char *) YA_REALLOC(buf->alloc, buf->data, need);