From 31b7fb3c40428c0ed93a288bf3f0304a9afa451c Mon Sep 17 00:00:00 2001
From: Steve Karg <steve@kargs.net>
Date: Sat, 12 Jun 2021 22:37:51 -0500
Subject: [PATCH] Fix keylist signed integer wraparound (#179)

* Fix keylist signed integer wraparound

Fix the keylist to handle large number of nodes where the signed integer
would wrap around.

* Add explict keylist new size case for less than zero

Co-authored-by: Steve Karg <skarg@users.sourceforge.net>
Co-authored-by: Steve Karg <steve.karg@legrand.us>
---
 src/bacnet/basic/sys/keylist.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/bacnet/basic/sys/keylist.c b/src/bacnet/basic/sys/keylist.c
index bb65a1e8..0e7dd8c9 100644
--- a/src/bacnet/basic/sys/keylist.c
+++ b/src/bacnet/basic/sys/keylist.c
@@ -101,7 +101,7 @@ static int CheckArraySize(OS_Keylist list)
     } else if ((list->size > chunk) && (list->count < (list->size - chunk))) {
         new_size = list->size - chunk;
     }
-    if (new_size) {
+    if (new_size > 0) {
         /* Allocate more room for node pointer array */
         new_array = calloc((size_t)new_size, sizeof(struct Keylist_Node *));
 
@@ -119,7 +119,10 @@ static int CheckArraySize(OS_Keylist list)
         }
         list->array = new_array;
         list->size = new_size;
+    } else if (new_size < 0) {
+        return FALSE;
     }
+
     return TRUE;
 }