From 8e8f7bced44c5f61e390e81d8a84a93099358453 Mon Sep 17 00:00:00 2001
From: Leah Rowe <leah@libreboot.org>
Date: Thu, 26 Mar 2026 09:04:30 +0000
Subject: mkhtemp rand: fix theoretical integer overflow

extremely theoretical, with a T. T for theoretical.

Signed-off-by: Leah Rowe <leah@libreboot.org>
---
 util/libreboot-utils/lib/rand.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'util/libreboot-utils')

diff --git a/util/libreboot-utils/lib/rand.c b/util/libreboot-utils/lib/rand.c
index 3b20ab65..63cb3fcd 100644
--- a/util/libreboot-utils/lib/rand.c
+++ b/util/libreboot-utils/lib/rand.c
@@ -126,7 +126,7 @@ mkrstr(size_t n) /* emulates spkmodem-decode */
 	if (n == 0)
 		err_no_cleanup(0, EPERM, "mkrbuf: zero-byte request");
 
-	if (n == SIZE_MAX)
+	if (n >= SIZE_MAX - 1)
 		err_no_cleanup(0, EOVERFLOW, "mkrbuf: overflow");
 
 	if (if_err((s = mkrbuf(n + 1)) == NULL, EFAULT))
@@ -149,6 +149,9 @@ mkrbuf(size_t n)
 	if (n == 0)
 		err_no_cleanup(0, EPERM, "mkrbuf: zero-byte request");
 
+	if (n >= SIZE_MAX - 1)
+		err_no_cleanup(0, EOVERFLOW, "integer overflow in mkrbuf");
+
 	if ((buf = malloc(n)) == NULL)
 		err_no_cleanup(0, ENOMEM, "mkrbuf: malloc");
 
-- 
cgit v1.2.1