Fix signed overflow check in k5_ucs2s_to_utf8s
authorGreg Hudson <ghudson@mit.edu>
Thu, 20 Dec 2012 19:20:37 +0000 (14:20 -0500)
committerGreg Hudson <ghudson@mit.edu>
Thu, 20 Dec 2012 19:28:32 +0000 (14:28 -0500)
Signed overflow must be checked before it happens, since modern
versions of gcc will optimize out checks of the result.  Reported by
Nickolai Zeldovich <nickolai@csail.mit.edu>.

ticket: 7511

src/util/support/utf8_conv.c

index 6e7c5880d743a1511b157d47baa4aa173a580108..d580bbc93c682a40209bf219542291803c884805 100644 (file)
@@ -276,10 +276,8 @@ k5_ucs2s_to_utf8s(char *utf8str, const krb5_ucs2 *ucs2str,
 #endif
 
             n = krb5int_ucs2_to_utf8(ch, NULL);
-            if (n < 1)
+            if (n < 1 || n > INT_MAX - len)
                 return -1;
-            if (len + n < len)
-                return -1; /* overflow */
             len += n;
         }
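Review bot: The merged test `n > INT_MAX - len` on the new side is only a correct pre-check if `len` is an `int` that can never be negative, and neither its declaration nor its initialisation is visible here, because k5_ucs2s_to_utf8s starts and ends outside this hunk. If `len` turns out to be a wider type the bound is merely conservative, but that should be confirmed against the declaration. `INT_MAX` also needs `<limits.h>`, which this hunk does not add, so check that the file already pulls it in. The removed `/* overflow */` comment is lost as well; I would keep the reason next to the condition, e.g. `/* test before adding: signed overflow is undefined, so a check on the sum can be optimized away */`. Any other length accumulation in this file that still tests the sum after the addition presumably deserves the same treatment.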