From 441912c82ae6910b58c402d94aafee915c6aa971 Mon Sep 17 00:00:00 2001
From: Amos Jeffries
Date: Mon, 6 Jul 2009 13:51:39 +1200
Subject: [PATCH] Author: Alex Rousskov Bug 2659: String length overflows on append, leading to segfaults Long-term patch for 3.0. This softens the error, but does not resolve the issue completely for ESI. Short-term patch for 3.1. The limit is arbitrary and may be fixed at some point by a better patch. This one will work however.
---
 src/String.cc | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/String.cc b/src/String.cc
index 5fa2e5c3a5..d1edf6164c 100644
--- a/src/String.cc
+++ b/src/String.cc
@@ -173,6 +173,7 @@ String::append(const char *str, int len)
 len_ += len;
 } else {
 String snew;
+ assert(len_ + len < 65536); // otherwise snew.len_ overflows below
 snew.len_ = len_ + len;
 snew.initBuf(snew.len_ + 1);
-- 
2.47.2
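Review bot: The added `assert(len_ + len < 65536)` in the else branch of String::append bounds only the sum, so a negative `len` still passes it, and a very large `len` could overflow the addition itself before the comparison; unless an earlier check outside this hunk already rejects those values, the guard is clearer as `assert(len >= 0 && len < 65536 - len_);`. The literal 65536 presumably mirrors the width of `len_`, whose declaration is not visible here, so a named constant next to that declaration would keep the two in step. Because a failed assert terminates the process, callers that append data of untrusted length (the description mentions ESI) still need to reject oversized input before it reaches this point, and the check disappears entirely if the project's assert is compiled out in release builds. String::append begins and ends outside the hunk.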