1) Disallow negative seek as POSIX require for fseek{o} (but not for lseek):

"[EINVAL] ... The resulting file-position indicator would be set to a
negative value."

Moreover, in real life negative seek in stdio cause EOF indicator cleared
and not set again forever even if EOF returned.

2) Catch few possible off_t overflows.

Reviewed by:	arch discussion

1 files changed, 23 insertions, 0 deletions

diff --git a/lib/libc/stdio/fseek.c b/lib/libc/stdio/fseek.c
index b434350..d311f7a 100644
--- a/lib/libc/stdio/fseek.c
+++ b/lib/libc/stdio/fseek.c
@@ -132,12 +132,26 @@ _fseeko(fp, offset, whence)
 		} else if (fp->_flags & __SWR && fp->_p != NULL)
 			curoff += fp->_p - fp->_bf._base;
 
+		if (offset > 0 && offset + (off_t)curoff < 0) {
+			errno = EOVERFLOW;
+			return (EOF);
+		}
 		offset += curoff;
+		/* Disallow negative seeks per POSIX */
+		if (offset < 0) {
+			errno = EINVAL;
+			return (EOF);
+		}
 		whence = SEEK_SET;
 		havepos = 1;
 		break;
 
 	case SEEK_SET:
+		/* Disallow negative seeks per POSIX */
+		if (offset < 0) {
+			errno = EINVAL;
+			return (EOF);
+		}
 	case SEEK_END:
 		curoff = 0;		/* XXX just to keep gcc quiet */
 		havepos = 0;
@@ -180,7 +194,16 @@ _fseeko(fp, offset, whence)
 	else {
 		if (_fstat(fp->_file, &st))
 			goto dumb;
+		if (offset > 0 && st.st_size + offset < 0) {
+			errno = EOVERFLOW;
+			return (EOF);
+		}
 		target = st.st_size + offset;
+		/* Disallow negative seeks per POSIX */
+		if ((off_t)target < 0) {
+			errno = EINVAL;
+			return (EOF);
+		}
 	}
 
 	if (!havepos) {