From 61f0d683e047746d714adaf1d11d6736ee0c304b Mon Sep 17 00:00:00 2001
From: Niels Lohmann
Date: Wed, 20 May 2026 22:08:45 +0200
Subject: [PATCH] :bug: avoid overflow
Signed-off-by: Niels Lohmann
---
 include/nlohmann/detail/output/serializer.hpp | 9 ++++++---
 single_include/nlohmann/json.hpp | 9 ++++++---
 tests/src/unit-inspection.cpp | 6 ++++++
 3 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/include/nlohmann/detail/output/serializer.hpp b/include/nlohmann/detail/output/serializer.hpp
index cdf0a9d7b..6e75aff43 100644
--- a/include/nlohmann/detail/output/serializer.hpp
+++ b/include/nlohmann/detail/output/serializer.hpp
@@ -128,7 +128,8 @@ class serializer
 const auto new_indent = current_indent + indent_step;
 if (JSON_HEDLEY_UNLIKELY(indent_string.size() < new_indent))
 {
- indent_string.resize(indent_string.size() * 2, indent_char);
+ indent_string.resize(std::max(indent_string.size() * 2, static_cast(new_indent)), indent_char);
+ JSON_ASSERT(indent_string.size() >= new_indent);
 }
 // first n-1 elements
@@ -201,7 +202,8 @@ class serializer
 const auto new_indent = current_indent + indent_step;
 if (JSON_HEDLEY_UNLIKELY(indent_string.size() < new_indent))
 {
- indent_string.resize(indent_string.size() * 2, indent_char);
+ indent_string.resize(std::max(indent_string.size() * 2, static_cast(new_indent)), indent_char);
+ JSON_ASSERT(indent_string.size() >= new_indent);
 }
 // first n-1 elements
@@ -262,7 +264,8 @@ class serializer
 const auto new_indent = current_indent + indent_step;
 if (JSON_HEDLEY_UNLIKELY(indent_string.size() < new_indent))
 {
- indent_string.resize(indent_string.size() * 2, indent_char);
+ indent_string.resize(std::max(indent_string.size() * 2, static_cast(new_indent)), indent_char);
+ JSON_ASSERT(indent_string.size() >= new_indent);
 }
 o->write_characters(indent_string.c_str(), new_indent);
diff --git a/single_include/nlohmann/json.hpp b/single_include/nlohmann/json.hpp
index 3a7e6fbff..663883b12 100644
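Review bot: The three identical resize-and-assert pairs in include/nlohmann/detail/output/serializer.hpp (hunks at lines 128, 201 and 262) leave the invariant they protect unstated: the later `o->write_characters(indent_string.c_str(), new_indent)` reads exactly `new_indent` bytes, so `indent_string` must be at least that long, which a single doubling did not guarantee for a large `indent_step`. I would add `// write_characters() reads new_indent bytes from indent_string, so grow to at least that size` above each resize, or better move the size check and resize into one private helper so the array, object and binary branches cannot drift apart again. If `JSON_ASSERT` maps to `assert` in a given build it disappears under `NDEBUG`, so the `std::max` is the real guard and should stay even if the assertion looks sufficient. The enclosing function begins and ends outside these hunks.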
--- a/single_include/nlohmann/json.hpp
+++ b/single_include/nlohmann/json.hpp
@@ -19302,7 +19302,8 @@ class serializer
 const auto new_indent = current_indent + indent_step;
 if (JSON_HEDLEY_UNLIKELY(indent_string.size() < new_indent))
 {
- indent_string.resize(indent_string.size() * 2, indent_char);
+ indent_string.resize(std::max(indent_string.size() * 2, static_cast(new_indent)), indent_char);
+ JSON_ASSERT(indent_string.size() >= new_indent);
 }
 // first n-1 elements
@@ -19375,7 +19376,8 @@ class serializer
 const auto new_indent = current_indent + indent_step;
 if (JSON_HEDLEY_UNLIKELY(indent_string.size() < new_indent))
 {
- indent_string.resize(indent_string.size() * 2, indent_char);
+ indent_string.resize(std::max(indent_string.size() * 2, static_cast(new_indent)), indent_char);
+ JSON_ASSERT(indent_string.size() >= new_indent);
 }
 // first n-1 elements
@@ -19436,7 +19438,8 @@ class serializer
 const auto new_indent = current_indent + indent_step;
 if (JSON_HEDLEY_UNLIKELY(indent_string.size() < new_indent))
 {
- indent_string.resize(indent_string.size() * 2, indent_char);
+ indent_string.resize(std::max(indent_string.size() * 2, static_cast(new_indent)), indent_char);
+ JSON_ASSERT(indent_string.size() >= new_indent);
 }
 o->write_characters(indent_string.c_str(), new_indent);
diff --git a/tests/src/unit-inspection.cpp b/tests/src/unit-inspection.cpp
index 9d6d06e23..83349484e 100644
--- a/tests/src/unit-inspection.cpp
+++ b/tests/src/unit-inspection.cpp
@@ -254,6 +254,8 @@ TEST_CASE("object inspection")
 CHECK(j_array.dump(1024).size() == 25622);
 // check if right indentation symbol is used
 CHECK(j_array.dump(1024, '\t')[4096] == '\t');
+ // check resize is large enough
+ CHECK(j_array.dump(10000).size() == 250022);
 }
 SECTION("object")
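Review bot: The added `CHECK(j_array.dump(10000).size() == 250022);` in tests/src/unit-inspection.cpp asserts only the output length, which the pre-fix serializer would likely also have produced, because it wrote `new_indent` bytes whether or not the buffer was that long; outside a sanitizer run the test may therefore not fail if the resize regresses. Checking content past the old buffer size would pin the fix, for example `CHECK(j_array.dump(10000, '\t')[5000] == '\t');`, in the style of the existing `dump(1024, '\t')[4096]` check. The index assumes the first indentation run starts right after the opening bracket, which depends on `j_array` as defined outside the hunk. The same applies to the `j_object` and `j_binary` checks in the following two hunks.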
@@ -263,6 +265,8 @@ TEST_CASE("object inspection")
 CHECK(j_object.dump(1024).size() == 25642);
 // check if right indentation symbol is used
 CHECK(j_object.dump(1024, '\t')[4096] == '\t');
+ // check resize is large enough
+ CHECK(j_object.dump(10000).size() == 250042);
 }
 SECTION("binary")
@@ -271,6 +275,8 @@ TEST_CASE("object inspection")
 // check right size after indentation triggering a resize
 CHECK(j_binary.dump(1024).size() == 2086);
 CHECK(j_binary.dump(1024, '\t')[1024] == '\t');
+ // check resize is large enough
+ CHECK(j_binary.dump(10000).size() == 20038);
 }
 }