# HG changeset patch
# User Markus Mützel <markus.muetzel@gmx.de>
# Date 1625138643 -7200
# Node ID c4f9513b09f12c59cbc134958ebf10ddd7447edb
# Parent  c0e14e924dabff34dd712c82fa3deff2b1373c8e
ls-mat5.cc: Avoid integer overflow in calculation of buffer size for zlib (bug #55427).

* ls-mat5.cc (save_mat5_binary_element): Use zlib function "compressBound" to
  query upper limit for output buffer when compressing.

diff -r c0e14e924dab -r c4f9513b09f1 libinterp/corefcn/ls-mat5.cc
--- a/libinterp/corefcn/ls-mat5.cc	Tue Jun 29 19:19:31 2021 +0200
+++ b/libinterp/corefcn/ls-mat5.cc	Thu Jul 01 13:24:03 2021 +0200
@@ -2325,7 +2325,7 @@
           // + 12 bytes.  Reality is it must be larger again than that.
           std::string buf_str = buf.str ();
           uLongf srcLen = buf_str.length ();
-          uLongf destLen = srcLen * 101 / 100 + 12;
+          uLongf destLen = compressBound (srcLen);
           OCTAVE_LOCAL_BUFFER (char, out_buf, destLen);
 
           if (compress (reinterpret_cast<Bytef *> (out_buf), &destLen,