From: Rich Felker Date: Sun, 4 Sep 2011 14:29:04 +0000 (-0400) Subject: memstreams: fix incorrect handling of file pos > current size X-Git-Tag: v0.8.0~16 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=7ee3dcb3c603b20fcd4547ffb00e11701c6d1cf4;p=oweals%2Fmusl.git memstreams: fix incorrect handling of file pos > current size the addition is safe and cannot overflow because both operands are positive when considered as signed quantities. --- diff --git a/src/stdio/open_memstream.c b/src/stdio/open_memstream.c index 7fc16204..687e818d 100644 --- a/src/stdio/open_memstream.c +++ b/src/stdio/open_memstream.c @@ -32,8 +32,8 @@ static size_t ms_write(FILE *f, const unsigned char *buf, size_t len) f->wpos = f->wbase; if (ms_write(f, f->wbase, len2) < len2) return 0; } - if (len >= c->space - c->pos) { - len2 = 2*c->space+1 | c->space+len+1; + if (len + c->pos >= c->space) { + len2 = 2*c->space+1 | c->pos+len+1; newbuf = realloc(c->buf, len2); if (!newbuf) return 0; *c->bufp = c->buf = newbuf; diff --git a/src/stdio/open_wmemstream.c b/src/stdio/open_wmemstream.c index 0db77416..a830b143 100644 --- a/src/stdio/open_wmemstream.c +++ b/src/stdio/open_wmemstream.c @@ -30,8 +30,8 @@ static size_t wms_write(FILE *f, const unsigned char *buf, size_t len) struct cookie *c = f->cookie; size_t len2; wchar_t *newbuf; - if (len >= c->space - c->pos) { - len2 = 2*c->space+1 | c->space+len+1; + if (len + c->pos >= c->space) { + len2 = 2*c->space+1 | c->pos+len+1; if (len2 > SSIZE_MAX/4) return 0; newbuf = realloc(c->buf, len2*4); if (!newbuf) return 0;