prevent write-past-end-of-buffer when signed value wraps (#15868)

2025-03-02 19:13:34 +00:00 · 2023-11-05 16:32:46 -07:00 · 2023-11-05 16:32:46 -07:00 · b43e1f3caf
commit b43e1f3caf
parent 1a97b0edd4
1 changed files with 6 additions and 4 deletions
--- a/deps/rcheevos/src/rcheevos/alloc.c
+++ b/deps/rcheevos/src/rcheevos/alloc.c
@ -22,11 +22,13 @@ void* rc_alloc_scratch(void* pointer, int32_t* offset, uint32_t size, uint32_t a
  buffer = &scratch->buffer;
  do {
    const uint32_t aligned_buffer_offset = (buffer->offset + alignment - 1) & ~(alignment - 1);
-    const uint32_t remaining = sizeof(buffer->buffer) - aligned_buffer_offset;
+    if (aligned_buffer_offset < sizeof(buffer->buffer)) {
+      const uint32_t remaining = sizeof(buffer->buffer) - aligned_buffer_offset;

-    if (remaining >= size) {
-      /* claim the required space from an existing buffer */
-      return rc_alloc(buffer->buffer, &buffer->offset, size, alignment, NULL, -1);
+      if (remaining >= size) {
+        /* claim the required space from an existing buffer */
+        return rc_alloc(buffer->buffer, &buffer->offset, size, alignment, NULL, -1);
+      }
    }

    if (!buffer->next)