From 7969907116f6b7af197094391b8d845723917f74 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lo=C3=AFc=20Guilloux?=
Date: Sat, 20 May 2023 16:43:22 +0200
Subject: [PATCH] Fix #10846: [Squirrel] Ensure sqvector size does not overflow (#10848)

---
 src/3rdparty/squirrel/squirrel/squtils.h | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/3rdparty/squirrel/squirrel/squtils.h b/src/3rdparty/squirrel/squirrel/squtils.h
index d7d260dba4..2c7a343638 100644
--- a/src/3rdparty/squirrel/squirrel/squtils.h
+++ b/src/3rdparty/squirrel/squirrel/squtils.h
@@ -2,6 +2,9 @@
 #ifndef _SQUTILS_H_
 #define _SQUTILS_H_
 
+#include "../../fmt/format.h"
+#include "../../../script/script_fatalerror.hpp"
+
 void *sq_vm_malloc(SQUnsignedInteger size);
 void *sq_vm_realloc(void *p,SQUnsignedInteger oldsize,SQUnsignedInteger size);
 void sq_vm_free(void *p,SQUnsignedInteger size);
@@ -102,6 +105,10 @@ private:
 void _realloc(SQUnsignedInteger newsize)
 {
 newsize = (newsize > 0)?newsize:4;
+ if (newsize > SIZE_MAX / sizeof(T)) {
+ std::string msg = fmt::format("cannot resize to {}", newsize);
+ throw Script_FatalError(msg);
+ }
 _vals = (T*)SQ_REALLOC(_vals, _allocated * sizeof(T), newsize * sizeof(T));
 _allocated = (size_t)newsize;
 }
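Review bot: The new guard in `_realloc` bounds `newsize` by `SIZE_MAX`, but the byte count then goes to `SQ_REALLOC`, and the `sq_vm_realloc` declaration visible in the first hunk takes `SQUnsignedInteger size`. If `SQ_REALLOC` forwards to that function and `SQUnsignedInteger` is narrower than `size_t` on some target, a product that passes the check would still be truncated at the call and `_vals` under-allocated. Placing `static_assert(sizeof(SQUnsignedInteger) >= sizeof(size_t));` next to the check would pin that assumption; otherwise the bound should use the smaller of the two limits. The check also uses `SIZE_MAX` and `std::string`, which the two added includes provide only transitively, so `#include <cstdint>` and `#include <string>` would keep the header self-contained. A comment such as `// Reject sizes where newsize * sizeof(T) would wrap and under-allocate _vals.` above the `if` would record why the bound exists.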