2 files changed, 25 insertions, 0 deletions

diff --git a/Kernel/FileSystem/FileDescription.cpp b/Kernel/FileSystem/FileDescription.cpp
index 27443230ab..b56e4743ba 100644
--- a/Kernel/FileSystem/FileDescription.cpp
+++ b/Kernel/FileSystem/FileDescription.cpp
@@ -105,6 +105,8 @@ off_t FileDescription::seek(off_t offset, int whence)
 ssize_t FileDescription::read(u8* buffer, ssize_t count)
 {
     LOCKER(m_lock);
+    if ((m_current_offset + count) < 0)
+        return -EOVERFLOW;
     SmapDisabler disabler;
     int nread = m_file->read(*this, buffer, count);
     if (nread > 0 && m_file->is_seekable())
@@ -115,6 +117,8 @@ ssize_t FileDescription::read(u8* buffer, ssize_t count)
 ssize_t FileDescription::write(const u8* data, ssize_t size)
 {
     LOCKER(m_lock);
+    if ((m_current_offset + size) < 0)
+        return -EOVERFLOW;
     SmapDisabler disabler;
     int nwritten = m_file->write(*this, data, size);
     if (nwritten > 0 && m_file->is_seekable())
diff --git a/Userland/test_io.cpp b/Userland/test_io.cpp
index 2d2982f626..b34a7e762d 100644
--- a/Userland/test_io.cpp
+++ b/Userland/test_io.cpp
@@ -188,6 +188,26 @@ void test_unlink_symlink()
     }
 }
 
+void test_eoverflow()
+{
+    int fd = open("/tmp/x", O_RDWR);
+    ASSERT(fd >= 0);
+
+    int rc = lseek(fd, INT32_MAX, SEEK_SET);
+    ASSERT(rc == INT32_MAX);
+
+    char buffer[16];
+    rc = read(fd, buffer, sizeof(buffer));
+    if (rc >= 0 || errno != EOVERFLOW) {
+        fprintf(stderr, "Expected EOVERFLOW when trying to read past INT32_MAX\n");
+    }
+    rc = write(fd, buffer, sizeof(buffer));
+    if (rc >= 0 || errno != EOVERFLOW) {
+        fprintf(stderr, "Expected EOVERFLOW when trying to write past INT32_MAX\n");
+    }
+    close(fd);
+}
+
 int main(int, char**)
 {
     int rc;
@@ -211,6 +231,7 @@ int main(int, char**)
     test_procfs_read_past_end();
     test_open_create_device();
     test_unlink_symlink();
+    test_eoverflow();
 
     return 0;
 }