From 76bbcf2ed61d326bae3e37e1941e2a8674840462 Mon Sep 17 00:00:00 2001
From: Pascal Massimino <pascal.massimino@gmail.com>
Date: Mon, 12 Dec 2016 13:40:40 -0800
Subject: [PATCH] fix a potential overflow with MALLOC_LIMIT

BUG=webp:321

Change-Id: Iab89dfe167fb394fcdffd3b2732d4ac9bef764b0
---
 src/utils/utils.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/utils/utils.c b/src/utils/utils.c
index 8083f544..217cad88 100644
--- a/src/utils/utils.c
+++ b/src/utils/utils.c
@@ -175,8 +175,12 @@ static int CheckSizeArgumentsOverflow(uint64_t nmemb, size_t size) {
   }
 #endif
 #if defined(MALLOC_LIMIT)
-  if (mem_limit > 0 && total_mem + total_size >= mem_limit) {
-    return 0;   // fake fail!
+  if (mem_limit > 0) {
+    const uint64_t new_total_mem = (uint64_t)total_mem + total_size;
+    if (new_total_mem != (size_t)new_total_mem ||
+        new_total_mem > mem_limit) {
+      return 0;   // fake fail!
+    }
   }
 #endif