vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2.c in rbnacl-libsodium-1.0.10 vs vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2.c in rbnacl-libsodium-1.0.11

@@ -15,11 +15,10 @@
 #include <string.h>
 #include <stdlib.h>
 #include <stdio.h>
 #include <limits.h>
 
-
 #include "utils.h"
 
 #include "argon2.h"
 #include "argon2-encoding.h"
 #include "argon2-core.h"
@@ -177,21 +176,26 @@
 
     argon2_context ctx;
     uint8_t *out;
     int decode_result;
     int ret;
-    uint32_t encoded_len;
+    size_t encoded_len;
 
     memset(&ctx, 0, sizeof ctx);
 
+    ctx.pwd = NULL;
+    ctx.pwdlen = 0;
     ctx.secret = NULL;
     ctx.secretlen = 0;
 
     /* max values, to be updated in decode_string */
-    encoded_len = (uint32_t) strlen(encoded);
-    ctx.adlen = encoded_len;
-    ctx.saltlen = encoded_len;
-    ctx.outlen = encoded_len;
+    encoded_len = strlen(encoded);
+    if (encoded_len > UINT32_MAX) {
+        return ARGON2_DECODING_LENGTH_FAIL;
+    }
+    ctx.adlen = (uint32_t) encoded_len;
+    ctx.saltlen = (uint32_t) encoded_len;
+    ctx.outlen = (uint32_t) encoded_len;
 
     ctx.ad = (uint8_t *) malloc(ctx.adlen);
     ctx.salt = (uint8_t *) malloc(ctx.saltlen);
     ctx.out = (uint8_t *) malloc(ctx.outlen);
     if (!ctx.out || !ctx.salt || !ctx.ad) {