From 543ef578c3304661713950b37abd0c916f52ecf0 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Tue, 25 Aug 2015 23:42:01 -0700
Subject: [PATCH] Fix broken overflow check in posix_fallocate [BZ 18873]

* sysdeps/posix/posix_fallocate.c (posix_fallocate):
* sysdeps/posix/posix_fallocate64.c (__posix_fallocate64_l64):
Fix parenthesization typo.
---
 ChangeLog                         | 8 ++++++++
 NEWS                              | 2 +-
 sysdeps/posix/posix_fallocate.c   | 2 +-
 sysdeps/posix/posix_fallocate64.c | 2 +-
 4 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 99129d3..09224e9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2015-08-31  Paul Eggert  <eggert@cs.ucla.edu>
+
+	[BZ #18873]
+	Fix broken overflow check in posix_fallocate
+	* sysdeps/posix/posix_fallocate.c (posix_fallocate):
+	* sysdeps/posix/posix_fallocate64.c (__posix_fallocate64_l64):
+	Fix parenthesization typo.
+
 2015-08-28  Mike Frysinger  <vapier@gentoo.org>
 
 	[BZ #18887]
diff --git a/NEWS b/NEWS
index e91d669..20fa6ac 100644
--- a/NEWS
+++ b/NEWS
@@ -12,7 +12,7 @@ Version 2.23
   2898, 14341, 15786, 16141, 16517, 16519, 16520, 16734, 16973, 17787,
   17905, 18084, 18086, 18240, 18265, 18370, 18421, 18480, 18525, 18610,
   18618, 18647, 18661, 18674, 18681, 18778, 18781, 18787, 18789, 18790,
-  18795, 18796, 18820, 18823, 18824, 18863, 18887.
+  18795, 18796, 18820, 18823, 18824, 18863, 18873, 18887.
 
 * The obsolete header <regexp.h> has been removed.  Programs that require
   this header must be updated to use <regex.h> instead.
diff --git a/sysdeps/posix/posix_fallocate.c b/sysdeps/posix/posix_fallocate.c
index e7fe201..d0479a6 100644
--- a/sysdeps/posix/posix_fallocate.c
+++ b/sysdeps/posix/posix_fallocate.c
@@ -37,7 +37,7 @@ posix_fallocate (int fd, __off_t offset, __off_t len)
 
   /* Perform overflow check.  The outer cast relies on a GCC
      extension.  */
-  if ((__off_t) ((uint64_t) offset) + ((uint64_t) len) < 0)
+  if ((__off_t) ((uint64_t) offset + (uint64_t) len) < 0)
     return EFBIG;
 
   /* pwrite below will not do the right thing in O_APPEND mode.  */
diff --git a/sysdeps/posix/posix_fallocate64.c b/sysdeps/posix/posix_fallocate64.c
index ee32679..fb2dac6 100644
--- a/sysdeps/posix/posix_fallocate64.c
+++ b/sysdeps/posix/posix_fallocate64.c
@@ -37,7 +37,7 @@ __posix_fallocate64_l64 (int fd, __off64_t offset, __off64_t len)
 
   /* Perform overflow check.  The outer cast relies on a GCC
      extension.  */
-  if ((__off64_t) ((uint64_t) offset) + ((uint64_t) len) < 0)
+  if ((__off64_t) ((uint64_t) offset + (uint64_t) len) < 0)
     return EFBIG;
 
   /* pwrite64 below will not do the right thing in O_APPEND mode.  */
-- 
2.7.4