From 1cf4e9c5e73a74355f6aae8c67dff03e7ba20f5b Mon Sep 17 00:00:00 2001
From: John Bottenberg <jobotten@microsoft.com>
Date: Sat, 18 Mar 2017 21:33:58 -0700
Subject: [PATCH] Remove potential overflow in SafeBSTRHandle
 (dotnet/coreclr#10182)

Commit migrated from https://github.com/dotnet/coreclr/commit/671701167d2dc8f0297f08c67482b565684d8c79
---
 src/coreclr/src/mscorlib/src/System/Security/SafeBSTRHandle.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/coreclr/src/mscorlib/src/System/Security/SafeBSTRHandle.cs b/src/coreclr/src/mscorlib/src/System/Security/SafeBSTRHandle.cs
index 19d63d4..a1164dc 100644
--- a/src/coreclr/src/mscorlib/src/System/Security/SafeBSTRHandle.cs
+++ b/src/coreclr/src/mscorlib/src/System/Security/SafeBSTRHandle.cs
@@ -13,7 +13,7 @@ namespace System.Security
 
         internal static SafeBSTRHandle Allocate(uint lenInChars)
         {
-            uint lenInBytes = lenInChars * sizeof(char);
+            ulong lenInBytes = (ulong)lenInChars * sizeof(char);
             SafeBSTRHandle bstr = Interop.OleAut32.SysAllocStringLen(IntPtr.Zero, lenInChars);
             if (bstr.IsInvalid) // SysAllocStringLen returns a NULL ptr when there's insufficient memory
             {
-- 
2.7.4