lib-mail: ostream-dot - Add asserts to make sure max_bytes doesn't underflow

diff --git a/src/lib-mail/ostream-dot.c b/src/lib-mail/ostream-dot.c
index 6827cbdc01250b008453819d31f9ad77fad48197..3909801caea0b44ceb13e0fd531b96fbe1faa113 100644 (file)
--- a/src/lib-mail/ostream-dot.c
+++ b/src/lib-mail/ostream-dot.c
@@ -167,6 +167,7 @@ o_stream_dot_sendv(struct ostream_private *stream,
                                        iovn.iov_len = chunk;
                                        array_append(&iov_arr, &iovn, 1);
                                        data = p;
+                                       i_assert(max_bytes >= chunk);
                                        max_bytes -= chunk;
                                        sent += chunk;
                                }
@@ -175,6 +176,7 @@ o_stream_dot_sendv(struct ostream_private *stream,
                                iovn.iov_base = (add == '\r' ? "\r\n" : "..");
                                iovn.iov_len = 2;
                                array_append(&iov_arr, &iovn, 1);
+                               i_assert(max_bytes >= 2);
                                max_bytes -= 2;
                                added++;
                                sent++;
@@ -189,6 +191,7 @@ o_stream_dot_sendv(struct ostream_private *stream,
                        iovn.iov_base = data;
                        iovn.iov_len = chunk;
                        array_append(&iov_arr, &iovn, 1);
+                       i_assert(max_bytes >= chunk);
                        max_bytes -= chunk;
                        sent += chunk;
                }