From a1d77da6d60b493c9d0a8806b00ec6c1a764e6e1 Mon Sep 17 00:00:00 2001
From: Reda Chouk <reda@wolfssl.com>
Date: Thu, 19 Dec 2024 17:16:12 +0100
Subject: [PATCH] fix: cast int operands to size_t in bio buffer size calc to
 prevent loss of precision

---
 src/bio.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/bio.c b/src/bio.c
index e6a5ca4e0c..3e483437d5 100644
--- a/src/bio.c
+++ b/src/bio.c
@@ -610,8 +610,8 @@ static int wolfSSL_BIO_MEMORY_write(WOLFSSL_BIO* bio, const void* data,
     if (len == 0)
         return WOLFSSL_SUCCESS; /* Return early to make logic simpler */
 
-    if (wolfSSL_BUF_MEM_grow_ex(bio->mem_buf, (size_t)(bio->wrSz + len), 0)
-            == 0) {
+    if (wolfSSL_BUF_MEM_grow_ex(bio->mem_buf, ((size_t)bio->wrSz) +
+                                                    ((size_t)len), 0) == 0) {
         WOLFSSL_MSG("Error growing memory area");
         return WOLFSSL_FAILURE;
     }
@@ -1322,7 +1322,8 @@ size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *bio)
         if (pair->wrIdx > 0 && pair->wrIdx <= pair->rdIdx) {
             /* in wrap around state where beginning of buffer is being
              * overwritten */
-            return (size_t)(pair->wrSz - pair->rdIdx + pair->wrIdx);
+            return ((size_t)pair->wrSz) - ((size_t)pair->rdIdx) +
+                                                ((size_t)pair->wrIdx);
         }
         else {
             /* simple case where has not wrapped around */