From bcd96426fca642ecfec613b8edfcffd893a2f6e5 Mon Sep 17 00:00:00 2001
From: Edward Thomson
Date: Thu, 21 Dec 2023 20:21:34 +0000
Subject: [PATCH] Avoid use-after-free in builtin unicode

Calculate length _before_ realloc, not after.
---
 src/unicode_builtin.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/unicode_builtin.c b/src/unicode_builtin.c
index e2ee0ab..6d398b7 100644
--- a/src/unicode_builtin.c
+++ b/src/unicode_builtin.c
@@ -372,13 +372,13 @@ static inline bool unicode_builtin_encoding_convert(
 			goto done;
 		}
 
+		out_len = out_start - out;
+
 		if ((new_out = realloc(out, out_size)) == NULL) {
 			ntlm_client_set_errmsg(ntlm, "out of memory");
 			goto done;
 		}
 
-		out_len = out_start - out;
-
 		out = new_out;
 		out_start = new_out + out_len;
 		out_end = out + out_size;
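Review bot: The moved line `out_len = out_start - out;` carries no comment, and since the statement order is the entire fix, a later tidy-up could put it back after the `realloc` call without any compiler complaint; I would add `/* must be computed before realloc(): on success the old block (and out_start into it) is no longer valid */` directly above it. The failure branch keeps the old `out` alive and jumps to `done:`, so correctness there depends on the cleanup label freeing `out` rather than `new_out`; that label lies outside the hunk, as does the rest of unicode_builtin_encoding_convert, so I could not confirm it. Worth noting that the original ordering is exactly the pattern AddressSanitizer reports as a heap-use-after-free, so a regression test that forces a buffer growth under `-fsanitize=address` would keep this from regressing silently.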