From baa4c5b836dee7dcf821cb9f28bfbf9ed19a0323 Mon Sep 17 00:00:00 2001
From: ma-moon <100507036+ma-moon@users.noreply.github.com>
Date: Sat, 2 May 2026 22:33:12 +0800
Subject: [PATCH] fix: add overflow guard in mpack_growable_writer_flush resize loop
---
 3rd/msgpack/src/mpack.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/3rd/msgpack/src/mpack.c b/3rd/msgpack/src/mpack.c
index 4f0dab4a..feb557b5 100644
--- a/3rd/msgpack/src/mpack.c
+++ b/3rd/msgpack/src/mpack.c
@@ -1164,10 +1164,16 @@ static void mpack_growable_writer_flush(mpack_writer_t* writer, const char* data
 (int)count, (int)mpack_writer_buffer_left(writer), (int)used, (int)size);
 // grow to fit the data
- // TODO: this really needs to correctly test for overflow
+ // overflow-guarded resize
+ if (size > SIZE_MAX / 2) {
+ mpack_writer_flag_error(writer, mpack_error_memory);
+ return;
+ }
 size_t new_size = size * 2;
- while (new_size < used + count)
+ while (new_size < used + count) {
+ if (new_size > SIZE_MAX / 2) break;
 new_size *= 2;
+ }
 mpack_log("flush growing buffer size from %i to %i\n", (int)size, (int)new_size);
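Review bot: The `break` added inside the resize loop exits with `new_size` still smaller than `used + count` and lets the function carry on, so the buffer would presumably be resized (outside this hunk) to less than the data being flushed needs; that path should flag `mpack_error_memory` and return, as the new `size > SIZE_MAX / 2` guard does. The sum `used + count` in the loop condition is also still unchecked, and if it wraps the loop ends early with an undersized `new_size`; adding `count > SIZE_MAX - used` to the first guard closes that. The function body starts and ends outside the hunk, so the effect on the later allocation and copy should be confirmed there. The path `3rd/msgpack` looks like a vendored copy, so the fix is worth carrying as a tracked local patch or sending upstream so a later sync does not drop it.

```c
if (size > SIZE_MAX / 2 || count > SIZE_MAX - used) {
    /* … unchanged: flag mpack_error_memory and return … */
}
size_t new_size = size * 2;
while (new_size < used + count) {
    if (new_size > SIZE_MAX / 2) {
        /* cannot double again without wrapping, and the buffer is still too small */
        mpack_writer_flag_error(writer, mpack_error_memory);
        return;
    }
    new_size *= 2;
}
```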