Merge pull request #302 from maxmind/greg/fix-ssize-check

Compare st_size with SSIZE_MAX rather than itself

Author: ugexe

.github/workflows/codeql-analysis.yml

@@ -29,7 +29,7 @@ jobs:
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v1
 
-    - run: sudo apt install libipc-run3-perl libfile-slurp-perl libfile-which-perl pandoc
+    - run: sudo apt install libipc-run3-perl libipc-system-simple-perl libfile-slurp-perl libfile-which-perl pandoc
     - run: |
             ./bootstrap
             ./configure

Changes.md

@@ -9,6 +9,8 @@
 * The CMake build now uses the correct library directory on Linux systems
   using alternate directory structures. Pull request by Satadru Pramanik.
   GitHub #284.
+* File size check now correctly compares the size to `SSIZE_MAX`. Reported
+  by marakew. GitHub #301.
 
 ## 1.6.0 - 2021-04-29
 

src/maxminddb.c

@@ -8,6 +8,7 @@
 #include <errno.h>
 #include <fcntl.h>
 #include <inttypes.h>
+#include <limits.h>
 #include <stdint.h>
 #include <stdlib.h>
 #include <string.h>
@@ -406,7 +407,6 @@ cleanup:;
 #else // _WIN32
 
 static int map_file(MMDB_s *const mmdb) {
-    ssize_t size;
     int status = MMDB_SUCCESS;
 
     int o_flags = O_RDONLY;
@@ -432,8 +432,8 @@ static int map_file(MMDB_s *const mmdb) {
         goto cleanup;
     }
 
-    size = s.st_size;
-    if (size < 0 || size != s.st_size) {
+    off_t size = s.st_size;
+    if (size < 0 || size > SSIZE_MAX) {
         status = MMDB_OUT_OF_MEMORY_ERROR;
         goto cleanup;
     }
@@ -449,7 +449,7 @@ static int map_file(MMDB_s *const mmdb) {
         goto cleanup;
     }
 
-    mmdb->file_size = size;
+    mmdb->file_size = (ssize_t)size;
     mmdb->file_content = file_content;
 
 cleanup:;