From 53434e24a0814c4b16499df3e2eb9ba3dee536ec Mon Sep 17 00:00:00 2001
From: Leah Rowe <leah@libreboot.org>
Date: Sun, 15 Mar 2026 01:14:29 +0000
Subject: util/nvmutil: fix theoretical buffer overflow

i already guard offsets in io_args, but it's best
to be thorough here.

Signed-off-by: Leah Rowe <leah@libreboot.org>
---
 util/nvmutil/nvmutil.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/util/nvmutil/nvmutil.c b/util/nvmutil/nvmutil.c
index d05d25ce..a869e604 100644
--- a/util/nvmutil/nvmutil.c
+++ b/util/nvmutil/nvmutil.c
@@ -1917,6 +1917,8 @@ rw_file_exact(int fd, u8 *mem, size_t nrw,
 
 		mem_cur = (void *)(mem + (size_t)rc);
 		nrw_cur = (size_t)(nrw - (size_t)rc);
+		if (off < 0)
+			goto err_rw_file_exact;
 		off_cur = (off_t)((size_t)off + (size_t)rc);
 
 		rv = prw(fd, mem_cur, nrw_cur, off_cur,
-- 
cgit v1.2.1