From d1a260932ce19f5d73b94730b5d41e3681eb68a7 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann
Date: Fri, 16 May 2025 23:11:52 +0200
Subject: [PATCH] tar: Support large strings in safe_fprintf

The vsnprintf calls might return INT_MAX with very long strings. Prevent a signed integer overflow when taking an additional nul byte into account.

Signed-off-by: Tobias Stoeckmann
---
 tar/util.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/tar/util.c b/tar/util.c
index dc0ab419e..ea69aa9d7 100644
--- a/tar/util.c
+++ b/tar/util.c
@@ -78,7 +78,7 @@ safe_fprintf(FILE * restrict f, const char * restrict fmt, ...)
 char outbuff[256]; /* Buffer for outgoing characters. */
 char *fmtbuff_heap; /* If fmtbuff_stack is too small, we use malloc */
 char *fmtbuff; /* Pointer to fmtbuff_stack or fmtbuff_heap. */
- int fmtbuff_length;
+ size_t fmtbuff_length;
 int length, n;
 va_list ap;
 const char *p;
@@ -98,9 +98,9 @@ safe_fprintf(FILE * restrict f, const char * restrict fmt, ...)
 va_end(ap);
 /* If the result was too large, allocate a buffer on the heap. */
- while (length < 0 || length >= fmtbuff_length) {
- if (length >= fmtbuff_length)
- fmtbuff_length = length+1;
+ while (length < 0 || (size_t)length >= fmtbuff_length) {
+ if (length >= 0 && (size_t)length >= fmtbuff_length)
+ fmtbuff_length = (size_t)length + 1;
 else if (fmtbuff_length < 8192)
 fmtbuff_length *= 2;
 else if (fmtbuff_length < 1000000)
-- 
2.47.2
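Review bot: With `fmtbuff_length` now `size_t` and `length` still `int` on the following line, any place in safe_fprintf where the two are mixed without a cast becomes a signed/unsigned comparison or an implicit narrowing. The patch adds casts at the loop condition and its first branch only, and the rest of the function lies outside both hunks. It is worth checking the remaining uses, for example any assignment from `fmtbuff_length` back into `length`. Building this file with `-Wsign-compare -Wconversion` would surface any that remain.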
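Review bot: The first branch of the loop sets `fmtbuff_length = (size_t)length + 1` with no upper bound, so a vsnprintf result near INT_MAX now requests a buffer of up to 2 GiB, while the growth branches below it stop at 1000000. If the formatted arguments can contain strings taken from an archive (not visible in this hunk), that size is influenced by input and deserves a deliberate decision: either clamp it or document that the cap applies only when vsnprintf cannot report a length. The new `length >= 0 &&` guard would also benefit from a short comment such as `/* Check the sign first: a negative int cast to size_t compares as a huge value. */`. The loop body continues past the end of the hunk, so the allocation and its failure handling are not visible here.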