From 5e36ed43a6daaf41134a39f7ff02a7bc2de972be Mon Sep 17 00:00:00 2001
From: Rohithmatham12 <rohithmatham@gmail.com>
Date: Wed, 10 Jun 2026 16:26:12 -0400
Subject: [PATCH] Guard mirrored directory name allocation size

---
 programs/util.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/programs/util.c b/programs/util.c
index 652530b1223..30fe91fd01a 100644
--- a/programs/util.c
+++ b/programs/util.c
@@ -1210,9 +1210,15 @@ static char* mallocAndJoin2Dir(const char *dir1, const char *dir2)
     assert(dir1 != NULL && dir2 != NULL);
     {   const size_t dir1Size = strlen(dir1);
         const size_t dir2Size = strlen(dir2);
+        size_t outDirBufferSize;
         char *outDirBuffer, *buffer;
 
-        outDirBuffer = (char *) malloc(dir1Size + dir2Size + 2);
+        CONTROL(dir1Size <= (size_t)-1 - dir2Size);
+        outDirBufferSize = dir1Size + dir2Size;
+        CONTROL(outDirBufferSize <= (size_t)-1 - 2);
+        outDirBufferSize += 2;
+
+        outDirBuffer = (char *) malloc(outDirBufferSize);
         CONTROL(outDirBuffer != NULL);
 
         memcpy(outDirBuffer, dir1, dir1Size);