Add negative offset checks to fseeko

These were not strictly needed before, as lseek would error on negative
arguments, but having added open_memstream we have a virtual file pointer
that assumes that it gets sane values, so we get an assertion triggered
on a negative value. Best to check in one place rather than at all the
relevant points.

lib/libc/stdio/fseeko.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: fseeko.c,v 1.12 2012/03/27 15:05:42 christos Exp $	*/
+/*	$NetBSD: fseeko.c,v 1.13 2014/10/19 11:17:43 justin Exp $	*/
 
 /*-
  * Copyright (c) 1990, 1993
@@ -34,7 +34,7 @@
 
 #include <sys/cdefs.h>
 #if defined(LIBC_SCCS) && !defined(lint)
-__RCSID("$NetBSD: fseeko.c,v 1.12 2012/03/27 15:05:42 christos Exp $");
+__RCSID("$NetBSD: fseeko.c,v 1.13 2014/10/19 11:17:43 justin Exp $");
 #endif /* LIBC_SCCS and not lint */
 
 #include "namespace.h"
@@ -115,11 +115,21 @@ fseeko(FILE *fp, off_t offset, int whence)
 			curoff += fp->_p - fp->_bf._base;
 
 		offset += curoff;
+		if (offset < 0) {
+			errno = EINVAL;
+			FUNLOCKFILE(fp);
+			return -1;
+		}	
 		whence = SEEK_SET;
 		havepos = 1;
 		break;
 
 	case SEEK_SET:
+		if (offset < 0) {
+			errno = EINVAL;
+			FUNLOCKFILE(fp);
+			return -1;
+		}
 	case SEEK_END:
 		curoff = 0;		/* XXX just to keep gcc quiet */
 		havepos = 0;

tests/lib/libc/stdio/t_open_memstream.c

@@ -16,7 +16,7 @@
  */
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: t_open_memstream.c,v 1.1 2014/10/15 21:55:34 justin Exp $");
+__RCSID("$NetBSD: t_open_memstream.c,v 1.2 2014/10/19 11:17:43 justin Exp $");
 
 #include <atf-c.h>
 #include <err.h>
@@ -53,6 +53,7 @@ ATF_TC_BODY(test_open_memstream, tc)
 	ATF_CHECK(fflush(fp) == 0);
 	ATF_CHECK(size == 0);
 	ATF_CHECK(buf != (char *)0xff);
+	ATF_CHECK(fseek(fp, -6, SEEK_SET) == -1);
 	ATF_CHECK(fseek(fp, OFFSET, SEEK_SET) == 0);
 	ATF_CHECK(fprintf(fp, hello) != EOF);
 	ATF_CHECK(fflush(fp) != EOF);