From 2e381a717f69b0231032687043e195d09901f109 Mon Sep 17 00:00:00 2001
From: nightmareci <nightmareci@gmail.com>
Date: Thu, 23 Jan 2025 15:47:55 -0800
Subject: [PATCH] Fix possible integer overflow of size + 1

---
 src/io/SDL_iostream.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/io/SDL_iostream.c b/src/io/SDL_iostream.c
index adaf5e047e..7f97dfeb3c 100644
--- a/src/io/SDL_iostream.c
+++ b/src/io/SDL_iostream.c
@@ -1153,7 +1153,7 @@ void *SDL_LoadFile_IO(SDL_IOStream *src, size_t *datasize, bool closeio)
         size = FILE_CHUNK_SIZE;
         loading_chunks = true;
     }
-    if (size >= SDL_SIZE_MAX) {
+    if (size >= SDL_SIZE_MAX - 1) {
         goto done;
     }
     data = (char *)SDL_malloc((size_t)(size + 1));
@@ -1166,7 +1166,7 @@ void *SDL_LoadFile_IO(SDL_IOStream *src, size_t *datasize, bool closeio)
         if (loading_chunks) {
             if ((size_total + FILE_CHUNK_SIZE) > size) {
                 size = (size_total + FILE_CHUNK_SIZE);
-                if (size >= SDL_SIZE_MAX) {
+                if (size >= SDL_SIZE_MAX - 1) {
                     newdata = NULL;
                 } else {
                     newdata = (char *)SDL_realloc(data, (size_t)(size + 1));