From 8b15b1ddeeb2b82247307374655dcc742fa42ef2 Mon Sep 17 00:00:00 2001
From: pancake
Date: Fri, 25 Aug 2017 19:14:45 +0200
Subject: [PATCH] Fix #2566 - Avoid negative realloc in microsoft demangler
---
 libr/bin/mangling/microsoft_demangle.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/libr/bin/mangling/microsoft_demangle.c b/libr/bin/mangling/microsoft_demangle.c
index 0c0ffbe744..041ad3f22b 100644
--- a/libr/bin/mangling/microsoft_demangle.c
+++ b/libr/bin/mangling/microsoft_demangle.c
@@ -123,10 +123,13 @@ int copy_string(STypeCodeStr *type_code_str, char *str_for_copy, unsigned int co
 return 0;
 }
 if (free_space > str_for_copy_len) {
- type_code_str->type_str_len =
- ((type_code_str->type_str_len + str_for_copy_len) << 1) + 1;
- char *type_str = (char *) realloc (
- type_code_str->type_str, type_code_str->type_str_len);
+ int newlen = ((type_code_str->type_str_len + str_for_copy_len) << 1) + 1;
+ if (newlen < 1) {
+ R_FREE (type_code_str->type_str);
+ goto copy_string_err;
+ }
+ type_code_str->type_str_len = newlen;
+ char *type_str = (char *) realloc (type_code_str->type_str, newlen);
 if (!type_str) {
 R_FREE (type_code_str->type_str);
 goto copy_string_err;
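Review bot: The `newlen < 1` test runs only after `((type_code_str->type_str_len + str_for_copy_len) << 1) + 1` has been evaluated, so it depends on the overflow happening to produce a non-positive value. If both operands are `int` (their declarations are outside the hunk) that overflow is undefined behaviour and an optimising compiler may drop the check; if `str_for_copy_len` is unsigned, the sum can instead wrap to a small positive `newlen` that passes the test but is shorter than the data about to be copied. Bounding the operands before the arithmetic avoids both cases, for example `if (str_for_copy_len > (INT_MAX - 1) / 2 - type_code_str->type_str_len) { R_FREE (type_code_str->type_str); goto copy_string_err; }`, assuming `type_str_len` is already known to be non-negative at this point. The new error branch also frees `type_str` while leaving `type_str_len` at its old value, so the code at `copy_string_err` (copy_string starts and ends outside the hunk) should be checked to reset the length and position as well.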