From 0450c2bef1906d0ae9b29ea6009e19c826866342 Mon Sep 17 00:00:00 2001
From: Leah Rowe <leah@libreboot.org>
Date: Fri, 13 Mar 2026 22:59:48 +0000
Subject: util/nvmutil: move libc check to prw()

this still gets done from rw_once, but
it's generic enough that we want it in
our prw() wrapper function.

Signed-off-by: Leah Rowe <leah@libreboot.org>
---
 util/nvmutil/nvmutil.c | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/util/nvmutil/nvmutil.c b/util/nvmutil/nvmutil.c
index 14891918..68627d3a 100644
--- a/util/nvmutil/nvmutil.c
+++ b/util/nvmutil/nvmutil.c
@@ -1640,8 +1640,7 @@ read_again:
 	if (rv < 0)
 		return -1;
 
-	if ((size_t)rv > SSIZE_MAX /* theoretical buggy libc */
-	    || (size_t)rv > (nrw - rc))/* don't overflow */
+	if ((size_t)rv > (nrw - rc))/* don't overflow */
 		goto err_rw_file_once;
 
 	if (rv != 0)
@@ -1730,6 +1729,20 @@ try_rw_again:
 			r = read(fd, mem, nrw);
 		else if (rw_type == IO_PWRITE)
 			r = write(fd, mem, nrw);
+		if ((size_t)r > SSIZE_MAX) {
+			/*
+			 * Theoretical buggy libc.
+			 * Specifications never
+			 * allow this return value
+			 * to exceed SSIZE_MAX, but
+			 * spec != implementation
+			 */
+			errno = EIO;
+			r = -1;
+
+			/* Don't use the goto here.
+			   We need to reset lseek */
+		}
 	} while (r < 0 && errno == EINTR);
 
 	saved_errno = errno;
-- 
cgit v1.2.1