From ffc8ea2eb23fe8c74fbeb96d05b31c477767923f Mon Sep 17 00:00:00 2001
From: Adam Dickmeiss <adam@indexdata.dk>
Date: Wed, 28 Jan 2015 14:32:34 +0100
Subject: [PATCH 1/1] Add check for integer overflow in odr_write YAZ-816

---
 src/odr_mem.c |    6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/odr_mem.c b/src/odr_mem.c
index 71a10e1..9d502df 100644
--- a/src/odr_mem.c
+++ b/src/odr_mem.c
@@ -10,6 +10,7 @@
 #include <config.h>
 #endif
 
+#include <limits.h>
 #include <stdlib.h>
 #include "odr-priv.h"
 #include <yaz/xmalloc.h>
@@ -96,6 +97,11 @@ int odr_grow_block(ODR b, int min_bytes)
 
 int odr_write(ODR o, const char *buf, int bytes)
 {
+    if (bytes < 0 || o->op->pos > INT_MAX - bytes)
+    {
+        odr_seterror(o, OSPACE, 40);
+        return -1;
+    }
     if (o->op->pos + bytes >= o->op->size && odr_grow_block(o, bytes))
     {
         odr_seterror(o, OSPACE, 40);
-- 
1.7.10.4