From 9aed5784663152437ae059278ee61d62ef4175bf Mon Sep 17 00:00:00 2001
From: Calvin Rose
Date: Fri, 29 Jan 2021 18:32:54 -0600
Subject: [PATCH] Address #616 Buffer extra overflow bug.

We should have a normal error instead of undefined behavior, wrap around, or wait for realloc to fail.
---
 src/core/buffer.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/core/buffer.c b/src/core/buffer.c
index ae490ddb..9b3fbe5a 100644
--- a/src/core/buffer.c
+++ b/src/core/buffer.c
@@ -91,7 +91,9 @@ void janet_buffer_extra(JanetBuffer *buffer, int32_t n) {
     }
     int32_t new_size = buffer->count + n;
     if (new_size > buffer->capacity) {
-        int32_t new_capacity = new_size * 2;
+        size_t new_capacity_sizet = (size_t) (new_size) * 2;
+        if (new_capacity_sizet > INT32_MAX) new_capacity_sizet = INT32_MAX;
+        int32_t new_capacity = (int32_t) new_capacity_sizet;
         uint8_t *new_data = realloc(buffer->data, new_capacity * sizeof(uint8_t));
         janet_gcpressure(new_capacity - buffer->capacity);
         if (NULL == new_data) {
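Review bot: The addition `buffer->count + n` on the context line just above the change is still evaluated in int32_t, so when count and n together exceed INT32_MAX the signed overflow (undefined behavior) happens before the new clamp runs, and the clamp then operates on a garbage new_size. The commit message asks for a normal error in that case, which the hunk does not yet produce; a guard before the addition does it in one line: `if (n > INT32_MAX - buffer->count) janet_panic("buffer overflow");`. With that guard in place new_size is always at most INT32_MAX, so the clamped capacity can never be smaller than new_size and the realloc below stays large enough. The function begins outside the hunk; presumably the closing `}` belongs to a negative-n check, but that is not visible here, so the guard should also assume n has been validated non-negative or be written to handle it.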