From 453fc7a0185dcd046a8ab2b029e0807a073f93c2 Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Mon, 30 May 2016 05:41:57 +0200
Subject: [PATCH] Make sure max in fmtstr() doesn't overflow into negativity

Reviewed-by: Matt Caswell <matt@openssl.org>
---
 crypto/bio/b_print.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c
index 545c469810..1b70bac71b 100644
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -390,8 +390,16 @@ fmtstr(char **sbuffer,
     padlen = min - strln;
     if (min < 0 || padlen < 0)
         padlen = 0;
-    if (max >= 0)
-        max += padlen;      /* The maximum output including padding */
+    if (max >= 0) {
+        /*
+         * Calculate the maximum output including padding.
+         * Make sure max doesn't overflow into negativity
+         */
+        if (max < INT_MAX - padlen)
+            max += padlen;
+        else
+            max = INT_MAX;
+    }
     if (flags & DP_F_MINUS)
         padlen = -padlen;
 
-- 
2.25.1