From: Omar Polo Subject: Re: fix some SIZE_MAX checks To: gameoftrees@openbsd.org Date: Tue, 04 Jun 2024 19:37:51 +0200 ping. I'm positively convinced that the diff is correct, but would like a confirmation :) Thanks! On 2024/05/24 20:23:43 +0200, Omar Polo wrote: > I *think* this is the correct idiom for checking if x + y overflows > SIZE_MAX.
diff /home/op/w/got
commit - 0fa332b53c81ad34f6e60bad94ce41e14d0bffab
path + /home/op/w/got
blob - 2bb13ec800c4d056689ef15d9179ab3d8151a359
file + lib/pack.c
--- lib/pack.c
+++ lib/pack.c
@@ -940,7 +940,7 @@ parse_negative_offset(int64_t *offset, size_t *len, st
 if (pack->map) {
 size_t mapoff;
- if (delta_offset + *len > SIZE_MAX) {
+ if (delta_offset > SIZE_MAX - *len) {
 return got_error_fmt(GOT_ERR_PACK_OFFSET,
 "mapoff %lld would overflow size_t",
 (long long)delta_offset + *len);
@@ -1098,7 +1098,7 @@ got_pack_parse_ref_delta(struct got_object_id *id,
 if (pack->map) {
 size_t mapoff;
- if (delta_offset + tslen > SIZE_MAX) {
+ if (delta_offset > SIZE_MAX - tslen) {
 return got_error_fmt(GOT_ERR_PACK_OFFSET,
 "mapoff %lld would overflow size_t",
 (long long)delta_offset + tslen);
blob - 54605335e3cdf190211ea780d1041ad6a31647f0
file + lib/pack_index.c
--- lib/pack_index.c
+++ lib/pack_index.c
@@ -245,7 +245,7 @@ read_packed_object(struct got_pack *pack, struct got_i
 err = got_error(GOT_ERR_BAD_PACKFILE);
 break;
 }
- if (mapoff + SHA1_DIGEST_LENGTH > SIZE_MAX) {
+ if (mapoff > SIZE_MAX - SHA1_DIGEST_LENGTH) {
 err = got_error_fmt(GOT_ERR_RANGE,
 "mapoff %lld would overflow size_t",
 (long long)mapoff + SHA1_DIGEST_LENGTH);
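Review bot: The error message directly below the changed condition in parse_negative_offset still evaluates the sum the new check exists to avoid: `(long long)delta_offset + *len` adds a `long long` to the `size_t` named in the hunk header, which on LP64 promotes to unsigned and wraps, so the value handed to `%lld` is the wrapped sum rather than the offending offset, and an `unsigned long` is passed where `%lld` expects a `long long`. Print the operands instead, e.g. `"mapoff %lld + %zu would overflow size_t", (long long)delta_offset, *len`. The rewritten condition itself is the correct idiom: `*len` is a `size_t`, so `SIZE_MAX - *len` cannot underflow, and `delta_offset > SIZE_MAX - *len` is equivalent to `delta_offset + *len > SIZE_MAX` without ever forming the sum. The declaration of `delta_offset` is outside the hunk; if it is a signed `off_t`, a negative value becomes huge in the unsigned comparison on LP64 and is rejected (the safe direction), but on a 32-bit `size_t` with 64-bit `off_t` the comparison is signed and a negative value would slip through, so it is worth confirming it is validated as non-negative earlier. parse_negative_offset begins before the hunk and continues past it.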
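Review bot: In got_pack_parse_ref_delta the message below the changed line has the same flaw as the one in parse_negative_offset: `(long long)delta_offset + tslen` computes the sum that the new check `delta_offset > SIZE_MAX - tslen` has just established is not representable, so if `tslen` is a `size_t` the addition wraps on LP64 and `%lld` receives an unsigned, wrapped value. Report the two operands separately, e.g. `"mapoff %lld + %zu would overflow size_t", (long long)delta_offset, (size_t)tslen`. The condition is correct as long as `tslen` is an unsigned type no wider than `size_t`, so that `SIZE_MAX - tslen` cannot underflow; its declaration is not visible in the hunk and deserves a glance. got_pack_parse_ref_delta starts before the hunk and continues after it.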
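Review bot: In read_packed_object, once `mapoff > SIZE_MAX - SHA1_DIGEST_LENGTH` holds, `mapoff` lies within `SHA1_DIGEST_LENGTH` of `SIZE_MAX`, so the message's `(long long)mapoff + SHA1_DIGEST_LENGTH` on the following lines cannot report anything useful: on LP64 converting such a `size_t` to `long long` is implementation-defined (typically a small negative number) and adding the digest length then yields a value near zero rather than the offset that tripped the check. Print the offset unsigned and without the addition: `"mapoff %llu would overflow size_t", (unsigned long long)mapoff`. The condition itself is the correct idiom, assuming `mapoff` is a `size_t` as the comparison against `SIZE_MAX` suggests; its declaration is outside the hunk. read_packed_object begins before the hunk and continues past it.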