fix twos complement overflow bug in mem streams boundary check
authorRich Felker <dalias@aerifal.cx>
Sun, 4 Sep 2011 04:06:01 +0000 (00:06 -0400)
committerRich Felker <dalias@aerifal.cx>
Sun, 4 Sep 2011 04:06:01 +0000 (00:06 -0400)
the expression -off is not safe in case off is the most-negative
value. instead apply - to base which is known to be non-negative and
bounded within sanity.

src/stdio/open_memstream.c
src/stdio/open_wmemstream.c

index 2f3569f..5773709 100644 (file)
@@ -28,7 +28,7 @@ static off_t ms_seek(FILE *f, off_t off, int whence)
                errno = EINVAL;
                return -1;
        }
-       if (-off > base || off > SSIZE_MAX-base) goto fail;
+       if (off < -base || off > SSIZE_MAX-base) goto fail;
        return c->pos = base+off;
 }
 
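Review bot: The rewritten guard in ms_seek, `off < -base || off > SSIZE_MAX-base`, carries no comment recording why the negation is applied to base and not to off, so a later cleanup could restore the `-off > base` form that overflows for the most-negative off_t. A one-line comment above the check would pin this down, e.g. `/* negate base, not off: -off overflows when off is the most-negative value */`. Both `-base` and `SSIZE_MAX-base` are only overflow-free while base lies in [0, SSIZE_MAX]. The assignment to base is outside this hunk, so that range should be confirmed there, or asserted in the comment. The same comment applies to the identical lower-bound check in wms_seek in src/stdio/open_wmemstream.c.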
index 3bc0f25..41b92d2 100644 (file)
@@ -29,7 +29,7 @@ static off_t wms_seek(FILE *f, off_t off, int whence)
                errno = EINVAL;
                return -1;
        }
-       if (-off > base || off > SSIZE_MAX/4-base) goto fail;
+       if (off < -base || off > SSIZE_MAX/4-base) goto fail;
        memset(&c->mbs, 0, sizeof c->mbs);
        return c->pos = base+off;
 }
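Review bot: The upper bound `off > SSIZE_MAX/4-base` in wms_seek uses a bare `/4` with no explanation, while the otherwise identical check in ms_seek uses `SSIZE_MAX-base`. Presumably the divisor keeps the position, once scaled to a byte count of wide characters, within ssize_t range, but nothing visible in the hunk says so. A short comment would make the limit auditable, e.g. `/* /4: keep pos scaled by the wide-char size representable (confirm against the write path) */`. If the divisor is replaced with a sizeof expression, it should be cast to a signed type so the comparison against a negative off stays signed. The function body starts outside this hunk.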