From 543ef578c3304661713950b37abd0c916f52ecf0 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Tue, 25 Aug 2015 23:42:01 -0700
Subject: [PATCH] Fix broken overflow check in posix_fallocate [BZ 18873]

* sysdeps/posix/posix_fallocate.c (posix_fallocate):
* sysdeps/posix/posix_fallocate64.c (__posix_fallocate64_l64):
Fix parenthesization typo.
---
 ChangeLog                         | 8 ++++++++
 NEWS                              | 2 +-
 sysdeps/posix/posix_fallocate.c   | 2 +-
 sysdeps/posix/posix_fallocate64.c | 2 +-
 4 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 99129d39a5..09224e91d5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2015-08-31  Paul Eggert  <eggert@cs.ucla.edu>
+
+	[BZ #18873]
+	Fix broken overflow check in posix_fallocate
+	* sysdeps/posix/posix_fallocate.c (posix_fallocate):
+	* sysdeps/posix/posix_fallocate64.c (__posix_fallocate64_l64):
+	Fix parenthesization typo.
+
 2015-08-28  Mike Frysinger  <vapier@gentoo.org>
 
 	[BZ #18887]
diff --git a/NEWS b/NEWS
index e91d669608..20fa6ac000 100644
--- a/NEWS
+++ b/NEWS
@@ -12,7 +12,7 @@ Version 2.23
   2898, 14341, 15786, 16141, 16517, 16519, 16520, 16734, 16973, 17787,
   17905, 18084, 18086, 18240, 18265, 18370, 18421, 18480, 18525, 18610,
   18618, 18647, 18661, 18674, 18681, 18778, 18781, 18787, 18789, 18790,
-  18795, 18796, 18820, 18823, 18824, 18863, 18887.
+  18795, 18796, 18820, 18823, 18824, 18863, 18873, 18887.
 
 * The obsolete header <regexp.h> has been removed.  Programs that require
   this header must be updated to use <regex.h> instead.
diff --git a/sysdeps/posix/posix_fallocate.c b/sysdeps/posix/posix_fallocate.c
index e7fe201b68..d0479a6ee5 100644
--- a/sysdeps/posix/posix_fallocate.c
+++ b/sysdeps/posix/posix_fallocate.c
@@ -37,7 +37,7 @@ posix_fallocate (int fd, __off_t offset, __off_t len)
 
   /* Perform overflow check.  The outer cast relies on a GCC
      extension.  */
-  if ((__off_t) ((uint64_t) offset) + ((uint64_t) len) < 0)
+  if ((__off_t) ((uint64_t) offset + (uint64_t) len) < 0)
     return EFBIG;
 
   /* pwrite below will not do the right thing in O_APPEND mode.  */
diff --git a/sysdeps/posix/posix_fallocate64.c b/sysdeps/posix/posix_fallocate64.c
index ee32679a05..fb2dac6e13 100644
--- a/sysdeps/posix/posix_fallocate64.c
+++ b/sysdeps/posix/posix_fallocate64.c
@@ -37,7 +37,7 @@ __posix_fallocate64_l64 (int fd, __off64_t offset, __off64_t len)
 
   /* Perform overflow check.  The outer cast relies on a GCC
      extension.  */
-  if ((__off64_t) ((uint64_t) offset) + ((uint64_t) len) < 0)
+  if ((__off64_t) ((uint64_t) offset + (uint64_t) len) < 0)
     return EFBIG;
 
   /* pwrite64 below will not do the right thing in O_APPEND mode.  */