From e9877d8080ed2445252ef4ed97f2a5d28799d97b Mon Sep 17 00:00:00 2001 From: Jonas 'Sortie' Termansen Date: Fri, 17 Mar 2023 00:48:16 +0100 Subject: [PATCH] Fix fmemopen(3) fseeko(3) overflow detection. --- libc/stdio/fmemopen.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libc/stdio/fmemopen.c b/libc/stdio/fmemopen.c index 0ed15811..0f06631b 100644 --- a/libc/stdio/fmemopen.c +++ b/libc/stdio/fmemopen.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014, 2015 Jonas 'Sortie' Termansen. + * Copyright (c) 2014, 2015, 2023 Jonas 'Sortie' Termansen. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -114,7 +114,7 @@ static off_t fmemopen_seek(void* state_ptr, off_t offset, int whence) case SEEK_END: base = (off_t) state->buffer_used; break; default: return errno = EINVAL, -1; } - if ( offset < -base || base - (off_t) state->buffer_size < offset ) + if ( offset < -base || (off_t) state->buffer_size - base < offset ) return errno = EOVERFLOW, -1; return (off_t) (state->buffer_offset = (size_t) (base + offset)); }