xcursor: Add protection code to do not override sign-bit

Change-Id: I02d2f5382aa84adb534322c9cb9f5c1cdcd97eb7

diff --git a/cursor/xcursor.c b/cursor/xcursor.c
index ab4d815..c1de40c 100644 (file)
--- a/cursor/xcursor.c
+++ b/cursor/xcursor.c
@@ -260,9 +260,17 @@ xcursor_read_file_header(FILE *file)
        if (!xcursor_read_uint(file, &head.ntoc))
                return NULL;
        skip = head.header - XCURSOR_FILE_HEADER_LEN;
-       if (skip)
-               if (fseek(file, skip, SEEK_CUR) == EOF)
-                       return NULL;
+       if (skip) {
+               if (skip > INT_MAX) {
+                       if (fseek(file, INT_MAX, SEEK_CUR) == EOF)
+                               return NULL;
+                       if (fseek(file, (long int)(skip - INT_MAX), SEEK_CUR) == EOF)
+                               return NULL;
+               } else {
+                       if (fseek(file, skip, SEEK_CUR) == EOF)
+                               return NULL;
+               }
+       }
        file_header = xcursor_file_header_create(head.ntoc);
        if (!file_header)
                return NULL;
@@ -290,9 +298,17 @@ xcursor_seek_to_toc(FILE *file,
                    struct xcursor_file_header *file_header,
                    int toc)
 {
-       if (!file || !file_header ||
-           fseek(file, file_header->tocs[toc].position, SEEK_SET) == EOF)
+       if (!file || !file_header)
+              return false;
+       if (file_header->tocs[toc].position > INT_MAX) {
+               if (fseek(file, INT_MAX, SEEK_SET) == EOF)
+                       return false;
+               if (fseek(file, (long int)(file_header->tocs[toc].position - INT_MAX), SEEK_CUR) == EOF)
+                       return false;
+       } else {
+           if (fseek(file, file_header->tocs[toc].position, SEEK_SET) == EOF)
                return false;
+       }
        return true;
 }