From 41b454e7c432248974b0d492c32f29281dde5d66 Mon Sep 17 00:00:00 2001
From: Pierre Pronchery
Date: Wed, 17 Jan 2018 01:55:32 +0100
Subject: [PATCH] Detect integer overflows when filling buffers
---
 src/buffer.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/buffer.c b/src/buffer.c
index 08b74aa..cdffba9 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -101,7 +101,11 @@ int buffer_set(Buffer * buffer, size_t size, char * data)
 /* buffer_set_data */
 int buffer_set_data(Buffer * buffer, size_t offset, char * data, size_t size)
 {
- if(offset + size > buffer->size) /* FIXME integer overflow */
+ size_t s = offset + size;
+
+ if(s < offset && s < size)
+ return error_set_code(-ERANGE, "%s", strerror(ERANGE));
+ if(offset + size > buffer->size)
 if(buffer_set_size(buffer, offset + size) != 0)
 return -1;
 memcpy(&buffer->data[offset], data, size);
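Review bot: The checked sum `s` is computed and then not reused, so the growth test and the `buffer_set_size()` call in buffer_set_data still recompute `offset + size`, and a reader has to confirm by hand that the guarded value is the one that sizes the buffer before the `memcpy`. For unsigned wraparound a single comparison is enough, so the guard can read `if(s < offset)`, with the next two lines becoming `if(s > buffer->size)` and `if(buffer_set_size(buffer, s) != 0)`. The new error path returns whatever `error_set_code(-ERANGE, ...)` yields while the existing failure path returns `-1`; `error_set_code` is not visible here, so it is worth confirming that callers only test for non-zero. The diffstat shows this hunk as the only change, so also check that `src/buffer.c` already includes `<errno.h>` for `ERANGE`. The function body continues past the end of the hunk.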