From bf1ad160788e396987a0969626e6c05649943581 Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Sat, 3 Apr 2021 22:51:05 +0200
Subject: [PATCH] LibC: Fix FILE::flush() passing bogus arguments to lseek()

This was a regression from the 64-bit off_t changes. When dropping buffered data after a flush, we would subtract the buffered amount from zero to get the seek offset. This didn't work right since the subtraction was done with a 32-bit size_t and we ended up with e.g (i64)0xfffffffc as the offset.

Fixes #6003.
---
 Userland/Libraries/LibC/stdio.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Userland/Libraries/LibC/stdio.cpp b/Userland/Libraries/LibC/stdio.cpp
index 99b19ca8f8..f847e10b4b 100644
--- a/Userland/Libraries/LibC/stdio.cpp
+++ b/Userland/Libraries/LibC/stdio.cpp
@@ -175,12 +175,12 @@ bool FILE::flush()
 }
 if (m_mode & O_RDONLY) {
 // When open for reading, just drop the buffered data.
- size_t had_buffered = m_buffer.buffered_size();
+ VERIFY(m_buffer.buffered_size() <= NumericLimits::max());
+ off_t had_buffered = m_buffer.buffered_size();
 m_buffer.drop();
 // Attempt to reset the underlying file position to what the user
 // expects.
- int rc = lseek(m_fd, -had_buffered, SEEK_CUR);
- if (rc < 0) {
+ if (lseek(m_fd, -had_buffered, SEEK_CUR) < 0) {
 if (errno == ESPIPE) {
 // We can't set offset on this file; oh well, the user will just
 // have to cope.
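Review bot: The new `off_t had_buffered = m_buffer.buffered_size();` line carries no explanation of why a signed copy guarded by a VERIFY is needed, and the next reader will see a size_t assigned to an off_t behind an assertion and be tempted to "simplify" it back; a comment such as `// Convert to the signed off_t before negating: negating the size_t wraps and produced bogus seek offsets (#6003).` would tie the two added lines to the regression they fix. The VERIFY is a hard abort if buffered_size() ever exceeds off_t's range, which cannot happen for a stdio buffer of realistic size, and saying so in the same comment keeps anyone from turning it into a runtime error path later. As rendered here, `NumericLimits::max()` appears with no template argument; NumericLimits is a class template, so this is presumably `NumericLimits<off_t>::max()` with the angle brackets lost in the page rather than a compile error in the commit. Note also that m_buffer.drop() runs before the lseek(), so on a failure other than ESPIPE the buffered bytes are already discarded while the file position is left wherever the kernel had it; the rest of that error branch, and the enclosing FILE::flush(), continue outside the hunk.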