From 435524247782e8fc64a96e9e18e7d1bfecbb9dd0 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Thu, 3 Mar 2022 21:15:19 +0100
Subject: [PATCH] printbuf: do not allow invalid arguments

If invalid arguments are passed to printbuf functions return -1 to
protect printbuf internals.
---
 printbuf.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/printbuf.c b/printbuf.c
index 00822fac..ac7ecc93 100644
--- a/printbuf.c
+++ b/printbuf.c
@@ -91,7 +91,7 @@ static int printbuf_extend(struct printbuf *p, int min_size)
 int printbuf_memappend(struct printbuf *p, const char *buf, int size)
 {
 	/* Prevent signed integer overflows with large buffers. */
-	if (size > INT_MAX - p->bpos - 1)
+	if (size < 0 || size > INT_MAX - p->bpos - 1)
 		return -1;
 	if (p->size <= p->bpos + size + 1)
 	{
@@ -111,7 +111,7 @@ int printbuf_memset(struct printbuf *pb, int offset, int charvalue, int len)
 	if (offset == -1)
 		offset = pb->bpos;
 	/* Prevent signed integer overflows with large buffers. */
-	if (len > INT_MAX - offset)
+	if (len < 0 || offset < -1 || len > INT_MAX - offset)
 		return -1;
 	size_needed = offset + len;
 	if (pb->size < size_needed)
-- 
2.39.5