Description: Fix unsigned integer overflow
 and fix regression caused by that fix
 related CVE:
 https://security-tracker.debian.org/tracker/CVE-2022-48468
Author: 10054172 <hui.zhang@thalesgroup.com>, Todd C. Miller <Todd.Miller@sudo.ws>
Origin: other
Bug: https://github.com/protobuf-c/protobuf-c/issues/499
Last-Update: 2023-04-20
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/src/protobuf-c/protobuf-c.c
+++ b/src/protobuf-c/protobuf-c.c
@@ -2456,10 +2456,13 @@
 			return FALSE;
 
 		def_mess = scanned_member->field->default_value;
-		subm = protobuf_c_message_unpack(scanned_member->field->descriptor,
-						 allocator,
-						 len - pref_len,
-						 data + pref_len);
+		if (len >= pref_len)
+			subm = protobuf_c_message_unpack(scanned_member->field->descriptor,
+							 allocator,
+							 len - pref_len,
+							 data + pref_len);
+		else
+			subm = NULL;
 
 		if (maybe_clear &&
 		    *pmessage != NULL &&
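Review bot: The new `if (len >= pref_len)` guard has no comment explaining why it exists, and its two branches are unbraced even though the call spans four lines. The patch description calls this an unsigned overflow, so without the guard a length prefix longer than the remaining data would make `len - pref_len` wrap to a very large length handed to `protobuf_c_message_unpack`. A comment above the `if`, such as `/* len - pref_len is unsigned and wraps if pref_len > len; fail instead of unpacking. Equality is allowed: a zero-length submessage is valid. */`, would protect both the check and the choice of `>=` from a later cleanup, and braces around each branch would make the call safer to edit. The enclosing function starts and ends outside this hunk, so it is worth confirming that the code after the `maybe_clear` condition treats `subm == NULL` as a parse failure, and that any other `len - pref_len` use in the same function has an equivalent check.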
