From fc98ec4a5985122a05d6f9b0e16c2ba01ff947d6 Mon Sep 17 00:00:00 2001
From: gnezdo <gnezdo@openbsd.org>
Date: Wed, 28 Sep 2022 16:44:14 +0000
Subject: [PATCH] Fix incorrect range check for size in setvbuf

From enh AT google.com:

The existing test is wrong for LP64, where size_t has twice as many
relevant bits as int, not just one. (Found by inspection by
rprichard.)

Looks good to deraadt@ and millert@
---
 lib/libc/stdio/setvbuf.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/libc/stdio/setvbuf.c b/lib/libc/stdio/setvbuf.c
index 9a08d133f5f..74a1695a695 100644
--- a/lib/libc/stdio/setvbuf.c
+++ b/lib/libc/stdio/setvbuf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: setvbuf.c,v 1.14 2016/09/21 04:38:56 guenther Exp $ */
+/*	$OpenBSD: setvbuf.c,v 1.15 2022/09/28 16:44:14 gnezdo Exp $ */
 /*-
  * Copyright (c) 1990, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -31,6 +31,7 @@
  * SUCH DAMAGE.
  */
 
+#include <limits.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include "local.h"
@@ -52,7 +53,7 @@ setvbuf(FILE *fp, char *buf, int mode, size_t size)
 	 * when setting _IONBF.
 	 */
 	if (mode != _IONBF)
-		if ((mode != _IOFBF && mode != _IOLBF) || (int)size < 0)
+		if ((mode != _IOFBF && mode != _IOLBF) || size > INT_MAX)
 			return (EOF);
 
 	/*
-- 
2.20.1