From a7342188425f4ed61dc89c993bb8966b452fbb3a Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Tue, 6 Dec 2016 21:35:21 +0100
Subject: [PATCH] Handle size_t in file/buffer length

The values of file sizes and buffer sizes can exceed current limits.
Therefore, use proper variable types for these operations.
---
 src/RdFToBuf.c | 4 ++++
 src/WrFFrBuf.c | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/RdFToBuf.c b/src/RdFToBuf.c
index 7f8ebee..69e3347 100644
--- a/src/RdFToBuf.c
+++ b/src/RdFToBuf.c
@@ -89,6 +89,10 @@ XpmReadFileToBuffer(
 	return XpmOpenFailed;
     }
     len = stats.st_size;
+    if (len < 0 || len >= SIZE_MAX) {
+	close(fd);
+	return XpmOpenFailed;
+    }
     ptr = (char *) XpmMalloc(len + 1);
     if (!ptr) {
 	fclose(fp);
diff --git a/src/WrFFrBuf.c b/src/WrFFrBuf.c
index b80aa62..0e57cc8 100644
--- a/src/WrFFrBuf.c
+++ b/src/WrFFrBuf.c
@@ -44,7 +44,7 @@ XpmWriteFileFromBuffer(
     const char	*filename,
     char	*buffer)
 {
-    int fcheck, len;
+    size_t fcheck, len;
     FILE *fp = fopen(filename, "w");
 
     if (!fp)
-- 
2.11.0