From afeba0898c9647d6f593a8f6fc16864b85c8a078 Mon Sep 17 00:00:00 2001
From: Eric Semeniuc <3838856+esemeniuc@users.noreply.github.com>
Date: Wed, 11 Feb 2026 13:25:29 -0600
Subject: [PATCH] fix openssl overflow

---
 src/waltz/openssl/fd_openssl_tile.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/waltz/openssl/fd_openssl_tile.c b/src/waltz/openssl/fd_openssl_tile.c
index 4ab84c1b625..bd3ba022e5f 100644
--- a/src/waltz/openssl/fd_openssl_tile.c
+++ b/src/waltz/openssl/fd_openssl_tile.c
@@ -32,7 +32,12 @@ crypto_malloc( ulong        num,
                int          line ) {
   (void)file;
   (void)line;
-  void * result = fd_alloc_malloc( fd_ossl_alloc, 8UL, num + 8UL );
+  ulong alloc_sz;
+  if( FD_UNLIKELY( __builtin_uaddl_overflow( num, 8UL, &alloc_sz ) ) ) {
+    fd_ossl_alloc_errors++;
+    return NULL;
+  }
+  void * result = fd_alloc_malloc( fd_ossl_alloc, 8UL, alloc_sz );
   if( FD_UNLIKELY( !result ) ) {
     fd_ossl_alloc_errors++;
     return NULL;
@@ -66,7 +71,12 @@ crypto_realloc( void *       addr,
     return NULL;
   }
 
-  void * new = fd_alloc_malloc( fd_ossl_alloc, 8UL, num + 8UL );
+  ulong alloc_sz;
+  if( FD_UNLIKELY( __builtin_uaddl_overflow( num, 8UL, &alloc_sz ) ) ) {
+    fd_ossl_alloc_errors++;
+    return NULL;
+  }
+  void * new = fd_alloc_malloc( fd_ossl_alloc, 8UL, alloc_sz );
   if( FD_UNLIKELY( !new ) ) return NULL;
 
   ulong old_num = *(ulong*)( (uchar*)addr - 8UL );