From e459857d1c01fc837af61cfa3c2aef3bc3c6c108 Mon Sep 17 00:00:00 2001 From: Murai Takashi Date: Fri, 12 Mar 2021 20:08:23 +0900 Subject: [PATCH] BMessage: Fix declared variable-length array has negative size Add checks for value of 'size', since FlattenedSize() may return negative value (B_NO_INIT). Pointed out by Clang Static Analyzer. Change-Id: I68176ee47076512a0b96539f9986ac5edbb587af Reviewed-on: https://review.haiku-os.org/c/haiku/+/3772 Reviewed-by: Adrien Destugues --- src/kits/app/Message.cpp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/kits/app/Message.cpp b/src/kits/app/Message.cpp index 52307b784d..2c1bbe6efe 100644 --- a/src/kits/app/Message.cpp +++ b/src/kits/app/Message.cpp @@ -3241,6 +3241,9 @@ BMessage::ReplaceMessage(const char* name, int32 index, const BMessage* message) return B_BAD_VALUE; ssize_t size = message->FlattenedSize(); + if (size < 0) + return B_BAD_VALUE; + char buffer[size]; status_t error = message->Flatten(buffer, size); @@ -3266,6 +3269,9 @@ BMessage::ReplaceFlat(const char* name, int32 index, BFlattenable* object) return B_BAD_VALUE; ssize_t size = object->FlattenedSize(); + if (size < 0) + return B_BAD_VALUE; + char buffer[size]; status_t error = object->Flatten(buffer, size);
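Review bot: `char buffer[size]` in ReplaceMessage() is still a stack array whose length comes straight from `message->FlattenedSize()`, so the new `size < 0` guard removes the negative case but sets no upper bound; a large flattened message can run past the thread's stack instead of failing cleanly. The same pattern is in the ReplaceFlat() hunk, where the size is reported by a caller-supplied BFlattenable. I would allocate the buffer on the heap, return `B_NO_MEMORY` when that fails, and free it on every exit path; both function bodies continue past the end of their hunks, so the free sites are not visible here. Separately, `return size;` would hand the caller the actual error (B_NO_INIT per the commit message) rather than folding it into B_BAD_VALUE.

```cpp
	ssize_t size = message->FlattenedSize();
	if (size < 0)
		return B_BAD_VALUE;

	// The size is reported by the object and is unbounded, so keep it off
	// the stack; ask for at least one byte so a zero size is not mistaken
	// for an allocation failure.
	char* buffer = static_cast<char*>(malloc(size > 0 ? size : 1));
	if (buffer == NULL)
		return B_NO_MEMORY;

	status_t error = message->Flatten(buffer, size);
	// … unchanged: remainder of ReplaceMessage(), outside the hunk …
	// free(buffer) has to precede every return from this point on.
```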