diff --git a/src/spell.c b/src/spell.c
index 20344f2..a313cca 100644
--- a/src/spell.c
+++ b/src/spell.c
@@ -4043,6 +4043,9 @@ spell_read_tree(fd, bytsp, idxsp, prefixtree, prefixcnt)
len = get4c(fd);
if (len < 0)
return SP_TRUNCERROR;
+ if (len >= 0x3ffffff)
+ /* Invalid length, multiply with sizeof(int) would overflow. */
+ return SP_FORMERROR;
if (len > 0)
{
/* Allocate the byte array. */
distrib
>
Mageia
>
5
>
x86_64
>
media
>
core-updates-src
>
by-pkgid
>
a0b70d761d82dc51a820d13d5b3b3455
>
files
>
29
