From bcc54a5c42642b2d9feb9076fae1c2322054809f Mon Sep 17 00:00:00 2001
From: kre
Date: Wed, 23 Jan 2019 02:48:48 +0000
Subject: [PATCH] And as long as we're attempting to achieve perfection in code that is never going to be executed, let's also check for possible overflow in a sum that will never be computed...
---
 lib/libwrap/expandm.c | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/lib/libwrap/expandm.c b/lib/libwrap/expandm.c
index d5046d6d382b..af13ac2fdfcd 100644
--- a/lib/libwrap/expandm.c
+++ b/lib/libwrap/expandm.c
@@ -1,4 +1,4 @@
-/* $NetBSD: expandm.c,v 1.10 2019/01/23 02:32:06 kre Exp $ */
+/* $NetBSD: expandm.c,v 1.11 2019/01/23 02:48:48 kre Exp $ */
 /*-
 * Copyright (c) 2019 The NetBSD Foundation, Inc.
@@ -29,7 +29,7 @@
 * POSSIBILITY OF SUCH DAMAGE.
 */
 #include
-__RCSID("$NetBSD: expandm.c,v 1.10 2019/01/23 02:32:06 kre Exp $");
+__RCSID("$NetBSD: expandm.c,v 1.11 2019/01/23 02:48:48 kre Exp $");
 #include
 #include
@@ -68,7 +68,19 @@ expandm(const char *fmt, const char *sf, char **rbuf)
 */
 if (__predict_false(nlen >= INT_MAX)) {
 size_t blen = buf ? strlen(buf) : 0;
- size_t tlen = nlen + blen;
+ size_t tlen;
+
+ /*
+ * if we would overflow a ptrdiff_t when computing
+ * tlen, then don't bother. The format string is
+ * simply too large to be converted.
+ */
+ if (blen >= PTRDIFF_MAX ||
+ nlen >= PTRDIFF_MAX - blen ||
+ nlen >= SIZE_T_MAX - blen)
+ goto out;
+
+ tlen = nlen + blen;
 /*
 * We can't exceed PTRDIFF_MAX because we would
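Review bot: In the new guard in the third hunk, the subtraction `PTRDIFF_MAX - blen` is only meaningful because the first clause has already rejected `blen >= PTRDIFF_MAX`; without that clause it would wrap in size_t arithmetic, and the added comment does not record the dependency. I would add `/* blen < PTRDIFF_MAX is established first, so PTRDIFF_MAX - blen cannot wrap */` above the `if` and make the signed-to-unsigned conversion explicit, as `if (blen >= (size_t)PTRDIFF_MAX ||` and `nlen >= (size_t)PTRDIFF_MAX - blen)`. Where PTRDIFF_MAX does not exceed SIZE_T_MAX, the third clause `nlen >= SIZE_T_MAX - blen` is already implied by the second and could be dropped; if it stays, `SIZE_MAX` from `<stdint.h>` is the standard spelling of the BSD `SIZE_T_MAX`. What the `out` label hands back to the caller for an oversized format string is outside this hunk, as are the start and end of expandm(), so that failure path is worth a line in the function's header comment.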