From 8b5cff6c0a2ed9b92b8172fb0ecdfb99f40db9f6 Mon Sep 17 00:00:00 2001
From: "Piotr Kosko/Native/Web API (PLT) /SRPOL/Engineer/Samsung Electronics"
 <p.kosko@samsung.com>
Date: Mon, 10 Feb 2020 13:22:35 +0100
Subject: [PATCH] [Filesystem] Fixing SVACE issue 423267

Preventing integer overflow during subtraction.

Change-Id: I5ea92045a0b3b12641cba8c05de914f71997dae9
---
 src/filesystem/filesystem_instance.cc | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/filesystem/filesystem_instance.cc b/src/filesystem/filesystem_instance.cc
index ffea27a..0e71a14 100644
--- a/src/filesystem/filesystem_instance.cc
+++ b/src/filesystem/filesystem_instance.cc
@@ -335,13 +335,15 @@ static std::vector<std::uint8_t> read_file(std::string path, long offset = 0,
     }
   };
 
-  if (0 != offset && 0 != std::fseek(file, offset, SEEK_SET)) {
+  auto size = file_size(file);
+  if (offset < 0 || size <= (size_t)offset ||
+      (0 != offset && 0 != std::fseek(file, offset, SEEK_SET))) {
     std::string err_msg = std::string("Cannot perform seek. ") + GetErrorString(errno);
     throw std::system_error{errno, std::generic_category(), err_msg};
   }
 
   if (NPOS == length) {
-    length = file_size(file) - offset;
+    length = size - offset;
   }
 
   return read_file(file, length);
-- 
2.7.4