>From 6aafd2a92b4bb48937f3e767e51a4b7abf2f2217 Mon Sep 17 00:00:00 2001
From: Paul Eggert
Date: Sun, 29 Aug 2021 12:58:49 -0700
Subject: [PATCH] base32, base64: treat negative sizes as overflows
* lib/base64.c (base64_encode_alloc):
* lib/base32.c (base32_encode_alloc):
Treat negative sizes as overflows, for better compatibility
with previous API.
---
 ChangeLog | 8 ++++++++
 lib/base32.c | 6 ++++--
 lib/base64.c | 6 ++++--
 3 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index ce9a2b366..ee933c9ef 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2021-08-29 Paul Eggert
+
+ base32, base64: treat negative sizes as overflows
+ * lib/base64.c (base64_encode_alloc):
+ * lib/base32.c (base32_encode_alloc):
+ Treat negative sizes as overflows, for better compatibility
+ with previous API.
+
 2021-08-29 Bruno Haible explicit_bzero test: Fix test failure due to GCC optimizations.
diff --git a/lib/base32.c b/lib/base32.c
index e3f2f9b4c..037747d80 100644
--- a/lib/base32.c
+++ b/lib/base32.c
@@ -141,9 +141,11 @@ base32_encode (const char *restrict in, idx_t inlen,
 idx_t
 base32_encode_alloc (const char *in, idx_t inlen, char **out)
 {
- /* Check for overflow in outlen computation. */
+ /* Check for overflow in outlen computation.
+ Treat negative INLEN as overflow, for better compatibility with
+ pre-2021-08-27 API, which used size_t. */
 idx_t in_over_5 = inlen / 5 + (inlen % 5 != 0), outlen;
- if (! INT_MULTIPLY_OK (in_over_5, 8, &outlen))
+ if (! INT_MULTIPLY_OK (in_over_5, 8, &outlen) || inlen < 0)
 {
 *out = NULL;
 return 0;
diff --git a/lib/base64.c b/lib/base64.c
index 4611fe548..b204cb711 100644
--- a/lib/base64.c
+++ b/lib/base64.c
@@ -146,9 +146,11 @@ base64_encode (const char *restrict in, idx_t inlen,
 idx_t
 base64_encode_alloc (const char *in, idx_t inlen, char **out)
 {
- /* Check for overflow in outlen computation. */
+ /* Check for overflow in outlen computation.
+ Treat negative INLEN as overflow, for better compatibility with
+ pre-2021-08-27 API, which used size_t. */
 idx_t in_over_3 = inlen / 3 + (inlen % 3 != 0), outlen;
- if (! INT_MULTIPLY_OK (in_over_3, 4, &outlen))
+ if (! INT_MULTIPLY_OK (in_over_3, 4, &outlen) || inlen < 0)
 {
 *out = NULL;
 return 0;
-- 2.30.2
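Review bot: The `inlen < 0` rejection is limited to the two _alloc wrappers, base64_encode_alloc in this hunk and base32_encode_alloc in the lib/base32.c hunk, while the hunk headers show that base64_encode and base32_encode take the same `idx_t inlen` and are not touched by the patch. Their bodies are outside the hunks, so they may already cope with a negative length, but a caller written against the old size_t API that passes an oversized value would reach them with a negative count and no equivalent check. It would be worth confirming how they behave in that case and stating the precondition where they are documented, for example `/* INLEN and OUTLEN must be nonnegative.  */`. The contract comment above each _alloc function, also outside the hunks, should likewise say that a negative INLEN is reported like overflow, returning 0 with *OUT set to NULL, so the new behaviour is not documented only by the comment inside the body.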