From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Thu, 3 Mar 2022 20:15:19 +0000 (+0100)
Subject: printbuf: do not allow invalid arguments
X-Git-Tag: json-c-0.16-20220414~16^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F751%2Fhead;p=thirdparty%2Fjson-c.git

printbuf: do not allow invalid arguments

If invalid arguments are passed to printbuf functions return -1 to
protect printbuf internals.
---

diff --git a/printbuf.c b/printbuf.c
index 00822fac..ac7ecc93 100644
--- a/printbuf.c
+++ b/printbuf.c
@@ -91,7 +91,7 @@ static int printbuf_extend(struct printbuf *p, int min_size)
 int printbuf_memappend(struct printbuf *p, const char *buf, int size)
 {
 	/* Prevent signed integer overflows with large buffers. */
-	if (size > INT_MAX - p->bpos - 1)
+	if (size < 0 || size > INT_MAX - p->bpos - 1)
 		return -1;
 	if (p->size <= p->bpos + size + 1)
 	{
@@ -111,7 +111,7 @@ int printbuf_memset(struct printbuf *pb, int offset, int charvalue, int len)
 	if (offset == -1)
 		offset = pb->bpos;
 	/* Prevent signed integer overflows with large buffers. */
-	if (len > INT_MAX - offset)
+	if (len < 0 || offset < -1 || len > INT_MAX - offset)
 		return -1;
 	size_needed = offset + len;
 	if (pb->size < size_needed)