From 50560e1be9d8a16f6966e438f92c014d82675682 Mon Sep 17 00:00:00 2001
From: Kevin Day
Date: Sat, 26 Sep 2020 16:14:52 -0500
Subject: [PATCH] Security: Incorrect size increase in private_fll_iki_content_partial_escape().

The size increase test is "escaped->used + delimits + 2", but actual arguments passed to the increase function is "delimits". The "+2" is missing. This gets caught by the parameter checker when delimits is 0. When delimits is, say 1, then an insufficient amount of memory is increased. This will likely result in a segfault.
---
 level_2/fll_iki/c/private-iki.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/level_2/fll_iki/c/private-iki.c b/level_2/fll_iki/c/private-iki.c
index 6e666f7..36b4679 100644
--- a/level_2/fll_iki/c/private-iki.c
+++ b/level_2/fll_iki/c/private-iki.c
@@ -23,7 +23,7 @@ extern "C" {
 if (content.string[i] == quote) {
 if (escaped->used + delimits + 2 > escaped->size) {
- status = fl_string_dynamic_size_increase(delimits, escaped);
+ status = fl_string_dynamic_size_increase(delimits + 2, escaped);
 if (F_status_is_error(status)) return status;
 }
-- 
1.8.3.1
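Review bot: The new growth amount `delimits + 2` on the `+` line is still spelled out separately from the threshold `escaped->used + delimits + 2` on the context line above it, so the two can drift apart again in exactly the way this commit fixes; computing the requirement once, e.g. `needed = delimits + 2;` (same type as `delimits`), then `if (escaped->used + needed > escaped->size) {` and `status = fl_string_dynamic_size_increase(needed, escaped);`, ties them together. This also assumes `fl_string_dynamic_size_increase` grows `escaped->size` by at least its first argument, which the hunk cannot confirm; if it grows relative to `used` rather than `size`, or clamps the step, the post-growth capacity should be re-checked before the escaped bytes are written. If `delimits` can be large, `escaped->used + delimits + 2` in the check could wrap before the comparison and skip the growth entirely, so a bound on `delimits` (or an overflow-checked add) is worth confirming against the caller. The enclosing function `private_fll_iki_content_partial_escape` starts and ends outside this hunk.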