From b43e1f3caffc92be9a232f76032dd2e2d068d913 Mon Sep 17 00:00:00 2001
From: Jamiras <32680403+Jamiras@users.noreply.github.com>
Date: Sun, 5 Nov 2023 16:32:46 -0700
Subject: [PATCH] prevent write-past-end-of-buffer when signed value wraps (#15868)

---
 deps/rcheevos/src/rcheevos/alloc.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/deps/rcheevos/src/rcheevos/alloc.c b/deps/rcheevos/src/rcheevos/alloc.c
index 7c2af1f38a..a4ebdbf66b 100644
--- a/deps/rcheevos/src/rcheevos/alloc.c
+++ b/deps/rcheevos/src/rcheevos/alloc.c
@@ -22,11 +22,13 @@ void* rc_alloc_scratch(void* pointer, int32_t* offset, uint32_t size, uint32_t a
   buffer = &scratch->buffer;
   do {
     const uint32_t aligned_buffer_offset = (buffer->offset + alignment - 1) & ~(alignment - 1);
-    const uint32_t remaining = sizeof(buffer->buffer) - aligned_buffer_offset;
+    if (aligned_buffer_offset < sizeof(buffer->buffer)) {
+      const uint32_t remaining = sizeof(buffer->buffer) - aligned_buffer_offset;
 
-    if (remaining >= size) {
-      /* claim the required space from an existing buffer */
-      return rc_alloc(buffer->buffer, &buffer->offset, size, alignment, NULL, -1);
+      if (remaining >= size) {
+        /* claim the required space from an existing buffer */
+        return rc_alloc(buffer->buffer, &buffer->offset, size, alignment, NULL, -1);
+      }
     }
 
     if (!buffer->next)
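Review bot: The new guard in front of `remaining` only rejects an `aligned_buffer_offset` that already sits at or past the end of `buffer->buffer`; if `buffer->offset` is the signed field the commit title refers to and has wrapped to a small negative value, it is promoted to a large unsigned value, the `+ alignment - 1` wraps back to near zero, and the rounded result passes the check with `remaining` equal to the whole buffer. Whether `rc_alloc` then writes out of bounds depends on how it treats the offset it receives through `&buffer->offset`, which is outside this hunk. A range check on the stored offset itself, e.g. `if (buffer->offset >= 0 && (uint32_t)buffer->offset <= sizeof(buffer->buffer))` placed around the alignment computation, would state the invariant explicitly and reject both wrap directions rather than relying on the rounded value landing out of range. rc_alloc_scratch begins and ends outside the hunk.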