3 files changed, 16 insertions, 4 deletions

diff --git a/ChangeLog b/ChangeLog
index ce9a2b3664..ee933c9efa 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2021-08-29  Paul Eggert  <eggert@cs.ucla.edu>
+
+	base32, base64: treat negative sizes as overflows
+	* lib/base64.c (base64_encode_alloc):
+	* lib/base32.c (base32_encode_alloc):
+	Treat negative sizes as overflows, for better compatibility
+	with previous API.
+
 2021-08-29  Bruno Haible  <bruno@clisp.org>
 
 	explicit_bzero test: Fix test failure due to GCC optimizations.
diff --git a/lib/base32.c b/lib/base32.c
index e3f2f9b4c1..037747d80d 100644
--- a/lib/base32.c
+++ b/lib/base32.c
@@ -141,9 +141,11 @@ base32_encode (const char *restrict in, idx_t inlen,
 idx_t
 base32_encode_alloc (const char *in, idx_t inlen, char **out)
 {
-  /* Check for overflow in outlen computation.  */
+  /* Check for overflow in outlen computation.
+     Treat negative INLEN as overflow, for better compatibility with
+     pre-2021-08-27 API, which used size_t.  */
   idx_t in_over_5 = inlen / 5 + (inlen % 5 != 0), outlen;
-  if (! INT_MULTIPLY_OK (in_over_5, 8, &outlen))
+  if (! INT_MULTIPLY_OK (in_over_5, 8, &outlen) || inlen < 0)
     {
       *out = NULL;
       return 0;
diff --git a/lib/base64.c b/lib/base64.c
index 4611fe5485..b204cb7117 100644
--- a/lib/base64.c
+++ b/lib/base64.c
@@ -146,9 +146,11 @@ base64_encode (const char *restrict in, idx_t inlen,
 idx_t
 base64_encode_alloc (const char *in, idx_t inlen, char **out)
 {
-  /* Check for overflow in outlen computation.  */
+  /* Check for overflow in outlen computation.
+     Treat negative INLEN as overflow, for better compatibility with
+     pre-2021-08-27 API, which used size_t.  */
   idx_t in_over_3 = inlen / 3 + (inlen % 3 != 0), outlen;
-  if (! INT_MULTIPLY_OK (in_over_3, 4, &outlen))
+  if (! INT_MULTIPLY_OK (in_over_3, 4, &outlen) || inlen < 0)
     {
       *out = NULL;
       return 0;