prevent write-past-end-of-buffer when signed value wraps

libretro · Nov 4, 2023 · 72ad154 · 72ad154
1 parent b703cd9
commit 72ad154
Showing 1 changed file with 6 additions and 4 deletions.
diff --git a/deps/rcheevos/src/rcheevos/alloc.c b/deps/rcheevos/src/rcheevos/alloc.c
@@ -22,11 +22,13 @@ void* rc_alloc_scratch(void* pointer, int32_t* offset, uint32_t size, uint32_t a
   buffer = &scratch->buffer;
   do {
     const uint32_t aligned_buffer_offset = (buffer->offset + alignment - 1) & ~(alignment - 1);
-    const uint32_t remaining = sizeof(buffer->buffer) - aligned_buffer_offset;
+    if (aligned_buffer_offset < sizeof(buffer->buffer)) {
+      const uint32_t remaining = sizeof(buffer->buffer) - aligned_buffer_offset;
 
-    if (remaining >= size) {
-      /* claim the required space from an existing buffer */
-      return rc_alloc(buffer->buffer, &buffer->offset, size, alignment, NULL, -1);
+      if (remaining >= size) {
+        /* claim the required space from an existing buffer */
+        return rc_alloc(buffer->buffer, &buffer->offset, size, alignment, NULL, -1);
+      }
     }
 
     if (!buffer->next)