From 44071b68f235b67e227727c3715ad25f3b6b9640 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon, 24 Mar 2025 18:10:49 +0000
Subject: [PATCH] buffer: Don't allow the buffer to grow larger than its
 defined length

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 src/pakfire/buffer.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/pakfire/buffer.c b/src/pakfire/buffer.c
index ddf5543e..a21ecd9b 100644
--- a/src/pakfire/buffer.c
+++ b/src/pakfire/buffer.c
@@ -56,12 +56,19 @@ void pakfire_buffer_free(struct pakfire_buffer* buffer) {
 }
 
 // Rounds up length to the nearest chunk size
-static size_t pakfire_buffer_align(size_t length) {
+static size_t pakfire_buffer_align(struct pakfire_buffer* self, size_t length) {
 	// Always have at least one chunk
 	if (!length)
 		return CHUNK_SIZE;
 
-	return ((length + CHUNK_SIZE - 1) / CHUNK_SIZE) * CHUNK_SIZE;
+	// Round up to the nearest chunk size
+	length = ((length + CHUNK_SIZE - 1) / CHUNK_SIZE) * CHUNK_SIZE;
+
+	// Don't ever grow bigger than the maximum length
+	if (self->max_length && length > self->max_length)
+		length = self->max_length;
+
+	return length;
 }
 
 static int pakfire_buffer_resize(struct pakfire_buffer* self, size_t length) {
@@ -70,7 +77,7 @@ static int pakfire_buffer_resize(struct pakfire_buffer* self, size_t length) {
 		return -ENOBUFS;
 
 	// Round up to the nearest chunk size
-	length = pakfire_buffer_align(length);
+	length = pakfire_buffer_align(self, length);
 
 	// Re-allocate the buffer
 	self->data = pakfire_realloc(self->data, length);
-- 
2.39.5