From 32884a7ef65d4660becdf3f61efa774426760bad Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@redhat.com>
Date: Wed, 3 Mar 2010 11:42:11 +0100
Subject: [PATCH] virFileReadLimFD: diagnose maxlen <= 0, rather than passing
 it on...

to saferead_lim, which interprets it as a size_t.
* src/util/util.c (virFileReadLimFD): Do not malfunction when
maxlen < -1.  Return -1,EINVAL in that case.  Handle maxlen==0
in the same manner.
---
 src/util/util.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/util/util.c b/src/util/util.c
index 34c585d3d5..7a3a3c4233 100644
--- a/src/util/util.c
+++ b/src/util/util.c
@@ -1030,10 +1030,17 @@ saferead_lim (int fd, size_t max_len, size_t *length)
 
 /* A wrapper around saferead_lim that maps a failure due to
    exceeding the maximum size limitation to EOVERFLOW.  */
-int virFileReadLimFD(int fd, int maxlen, char **buf)
+int
+virFileReadLimFD(int fd, int maxlen, char **buf)
 {
     size_t len;
-    char *s = saferead_lim (fd, maxlen+1, &len);
+    char *s;
+
+    if (maxlen <= 0) {
+        errno = EINVAL;
+        return -1;
+    }
+    s = saferead_lim (fd, maxlen+1, &len);
     if (s == NULL)
         return -1;
     if (len > maxlen || (int)len != len) {