From 992e93d88c4aa28a7d675ea7322f84d64758239a Mon Sep 17 00:00:00 2001
From: Dmitry Volyntsev
Date: Fri, 19 Oct 2018 20:55:38 +0300
Subject: [PATCH] Handling int overflow in njs_array_alloc() on 32bit archs.
---
 njs/njs_array.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/njs/njs_array.c b/njs/njs_array.c
index 028bb627..c11ca05a 100644
--- a/njs/njs_array.c
+++ b/njs/njs_array.c
@@ -109,7 +109,7 @@ static njs_ret_t njs_array_prototype_sort_continuation(njs_vm_t *vm,
 nxt_noinline njs_array_t *
 njs_array_alloc(njs_vm_t *vm, uint32_t length, uint32_t spare)
 {
- size_t size;
+ uint64_t size;
 njs_array_t *array;
 array = nxt_mem_cache_alloc(vm->mem_cache_pool, sizeof(njs_array_t));
@@ -117,9 +117,9 @@ njs_array_alloc(njs_vm_t *vm, uint32_t length, uint32_t spare)
 goto memory_error;
 }
- size = (size_t) length + spare;
+ size = (uint64_t) length + spare;
- if (nxt_slow_path(size * sizeof(njs_value_t) < size)) {
+ if (nxt_slow_path((size * sizeof(njs_value_t)) >= 0xffffffff)) {
 goto memory_error;
 }
-- 
2.47.3
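Review bot: The new bound in the second hunk is the bare literal `0xffffffff`, and nothing says why a 32-bit limit is applied on every architecture, so 64-bit builds now also reject any array whose byte size reaches 4 GiB. I would name the limit and document the intent, e.g. `if (nxt_slow_path(size * sizeof(njs_value_t) >= UINT32_MAX)) {` preceded by `/* 64-bit math so length + spare and the byte count cannot wrap where size_t is 32 bits. */`, assuming `<stdint.h>` limits are visible in this file. The body of njs_array_alloc() continues outside the hunk, so it is not visible whether the later allocation call recomputes the product or stores `size` in a narrower type; both are worth checking, since `size` is now wider than `size_t` on 32-bit targets. The diffstat shows only njs_array.c changed, so a regression test that requests an oversized length on a 32-bit build would keep this check from silently regressing.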