diff -r ec62453fc8a6 -r 1ecf4dbbc60c src/buffer.c
--- a/src/buffer.c Fri Dec 20 21:25:33 2024 +0100
+++ b/src/buffer.c Sat Dec 21 21:03:28 2024 +0100
@@ -30,6 +30,7 @@
 #include
 #include
+#include
 static int buffer_copy_on_write(CxBuffer* buffer) {
 if (0 == (buffer->flags & CX_BUFFER_COPY_ON_WRITE)) return 0;
@@ -136,6 +137,7 @@
 npos += offset;
 if ((offset > 0 && npos < opos) || (offset < 0 && npos > opos)) {
+ errno = EOVERFLOW;
 return -1;
 }
@@ -247,6 +249,7 @@
 size_t len;
 size_t nitems_out = nitems;
 if (cx_szmul(size, nitems, &len)) {
+ errno = EOVERFLOW;
 return 0;
 }
 size_t required = buffer->pos + len;
@@ -285,6 +288,7 @@
 if (perform_flush) {
 size_t flush_max;
 if (cx_szmul(buffer->flush_blkmax, buffer->flush_blksize, &flush_max)) {
+ errno = EOVERFLOW;
 return 0;
 }
 size_t flush_pos = buffer->flush_func == NULL || buffer->flush_target == NULL
@@ -385,6 +389,7 @@
 ) {
 size_t len;
 if (cx_szmul(size, nitems, &len)) {
+ errno = EOVERFLOW;
 return 0;
 }
 if (buffer->pos + len > buffer->size) {
@@ -436,6 +441,10 @@
 CxBuffer *buffer,
 size_t shift
 ) {
+ if (buffer->size > SIZE_MAX - shift) {
+ errno = EOVERFLOW;
+ return -1;
+ }
 size_t req_capacity = buffer->size + shift;
 size_t movebytes;
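Review bot: The new `errno = EOVERFLOW;` in the wrap-around branch after `npos += offset` covers only one failure path as far as this hunk shows; any other `return -1` in the function (outside the hunk) that leaves errno untouched would hand the caller a stale value. The `return 0` paths in the hunks at -247, -285 and -385 have a related ambiguity, since 0 can also be a legitimate item count, so a caller has to clear errno before the call to tell an overflow from an empty transfer. I would state the contract on the declarations, for example `errno is set to EOVERFLOW when the new position would wrap` here and `returns 0 with errno set to EOVERFLOW when size * nitems overflows` on the read and write functions. The function body starts and ends outside the hunk.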
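Review bot: `size_t required = buffer->pos + len;` can still wrap after the `cx_szmul` check passes, because a product that fits in size_t says nothing about its sum with `buffer->pos`; a wrapped `required` would look small to whatever capacity check follows, which is not visible in this hunk. A guard in the style this commit adds to the shift function closes that gap: `if (len > SIZE_MAX - buffer->pos) { errno = EOVERFLOW; return 0; }`. The hunk at -385 has the same pattern in `if (buffer->pos + len > buffer->size)`, where a wrapped sum would skip the branch and leave `len` unbounded for the code after it; assuming `pos <= size` holds there, `if (len > buffer->size - buffer->pos)` avoids the addition entirely. Both functions continue outside their hunks.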