From 94721c2b0e2ae118778d5783bd35cc642f573f60 Mon Sep 17 00:00:00 2001
From: Dirk Zimoch <dirk.zimoch@psi.ch>
Date: Thu, 11 Nov 2021 11:49:23 +0100
Subject: [PATCH] fix crash due to length underflow

---
 src/ChecksumConverter.cc | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/src/ChecksumConverter.cc b/src/ChecksumConverter.cc
index 4a88e0b..53ffcc6 100644
--- a/src/ChecksumConverter.cc
+++ b/src/ChecksumConverter.cc
@@ -734,8 +734,13 @@ printPseudo(const StreamFormat& format, StreamBuffer& output)
     uint_fast8_t fnum = extract<uint8_t>(info);
 
     size_t start = format.width;
-    size_t length = output.length()-format.width;
-    if (format.prec > 0) length -= format.prec;
+    size_t length = output.length();
+    if (length >= start) length -= start;
+    else length = 0;
+    if (format.prec > 0) {
+        if (length >= (size_t)format.prec) length -= format.prec;
+        else length = 0;
+    }
 
     debug("ChecksumConverter %s: output to check: \"%s\"\n",
         checksumMap[fnum].name, output.expand(start,length)());
@@ -808,9 +813,13 @@ scanPseudo(const StreamFormat& format, StreamBuffer& input, size_t& cursor)
     uint32_t xorout = extract<uint32_t>(info);
     size_t start = format.width;
     uint_fast8_t fnum = extract<uint8_t>(info);
-    size_t length = cursor-format.width;
-
-    if (format.prec > 0) length -= format.prec;
+    size_t length = cursor;
+    if (length >= start) length -= start;
+    else length = 0;
+    if (format.prec > 0) {
+        if (length >= (size_t)format.prec) length -= format.prec;
+        else length = 0;
+    }
 
     debug("ChecksumConverter %s: input to check: \"%s\n",
         checksumMap[fnum].name, input.expand(start,length)());