From 1ffc2608b033e1e4ea9ae382e04f49e7bd457d8b Mon Sep 17 00:00:00 2001
From: Richard Hughes
Date: Wed, 13 Jul 2022 21:00:52 +0100
Subject: [PATCH] Check for overflow when copying buffers with huge offset values
---
 libfwupdplugin/fu-mem.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libfwupdplugin/fu-mem.c b/libfwupdplugin/fu-mem.c
index 1549176d4..773fb5f8e 100644
--- a/libfwupdplugin/fu-mem.c
+++ b/libfwupdplugin/fu-mem.c
@@ -342,7 +342,7 @@ fu_memcpy_safe(guint8 *dst,
 (guint)src_sz);
 return FALSE;
 }
- if (n + src_offset > src_sz) {
+ if (src_offset > src_sz || n + src_offset > src_sz) {
 g_set_error(error,
 FWUPD_ERROR,
 FWUPD_ERROR_READ,
@@ -361,7 +361,7 @@ fu_memcpy_safe(guint8 *dst,
 (guint)dst_sz);
 return FALSE;
 }
- if (n + dst_offset > dst_sz) {
+ if (dst_offset > dst_sz || n + dst_offset > dst_sz) {
 g_set_error(error,
 FWUPD_ERROR,
 FWUPD_ERROR_WRITE,
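Review bot: The new guard `src_offset > src_sz || n + src_offset > src_sz` still performs the addition, so whether it can wrap depends on `n` having been bounded by the earlier size check, of which only the tail (`(guint)src_sz); return FALSE; }`) is visible as context. If that preceding check does reject `n > src_sz` (it starts outside the hunk, so confirm), the subtraction form `if (src_offset > src_sz - n) {` cannot overflow and covers both conditions in a single comparison that is easier to audit. The same applies to the `dst_offset` check in the second hunk. The diffstat shows only fu-mem.c changing, so a regression test that calls fu_memcpy_safe with an offset near the maximum of the offset type and expects FALSE with the error set would pin the fix for both the read and write paths.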