commit - 406d5a24d29a81e1741aed65acc1f1000c44f0d3
commit + 717a78d4f87c3704afe34c77e211349932575d5b
blob - f54f2893fc15259da318ff3feec0b46af5371bd7
blob + ad3725943dcaf0bdbfe390eafdf41e8b99747147
--- got/got.c
+++ got/got.c
@@ -10598,7 +10598,7 @@ histedit_syntax_error(int lineno)
 
 	ret = snprintf(msg, sizeof(msg), "histedit syntax error on line %d",
 	    lineno);
-	if (ret == -1 || ret >= sizeof(msg))
+	if (ret < 0 || (size_t)ret >= sizeof(msg))
 		return got_error(GOT_ERR_HISTEDIT_SYNTAX);
 
 	return got_error_msg(GOT_ERR_HISTEDIT_SYNTAX, msg);
blob - 545e6aba57b1fc2b355c42173b79f6085fc5132c
blob + c6ccf95e24f012d09dd077471386a59ca45b0d87
--- gotwebd/parse.y
+++ gotwebd/parse.y
@@ -201,7 +201,8 @@ main		: PREFORK NUMBER {
 			    sizeof(gotwebd->unix_socket_name), "%s%s",
 			    strlen(gotwebd->httpd_chroot) ?
 			    gotwebd->httpd_chroot : D_HTTPD_CHROOT, $2);
-			if (n < 0) {
+			if (n < 0 ||
+			    (size_t)n >= sizeof(gotwebd->unix_socket_name)) {
 				yyerror("%s: unix_socket_name truncated",
 				    __func__);
 				free($2);
@@ -366,7 +367,8 @@ serveropts1	: REPOS_PATH STRING {
 			    sizeof(new_srv->unix_socket_name), "%s%s",
 			    strlen(gotwebd->httpd_chroot) ?
 			    gotwebd->httpd_chroot : D_HTTPD_CHROOT, $2);
-			if (n < 0) {
+			if (n < 0 ||
+			    (size_t)n >= sizeof(new_srv->unix_socket_name)) {
 				yyerror("%s: unix_socket_name truncated",
 				    __func__);
 				free($2);
@@ -885,7 +887,7 @@ conf_new_server(const char *name)
 	n = snprintf(srv->unix_socket_name,
 	    sizeof(srv->unix_socket_name), "%s%s", D_HTTPD_CHROOT,
 	    D_UNIX_SOCKET);
-	if (n < 0)
+	if (n < 0 || (size_t)n >= sizeof(srv->unix_socket_name))
 		fatalx("%s: snprintf", __func__);
 	n = strlcpy(srv->repos_path, D_GOTPATH,
 	    sizeof(srv->repos_path));
blob - dfb47996e8b7eaac5442189c1f90ca704f69906f
blob + f816f6ca9b9437b918e168e92de554c7f3df27af
--- gotwebd/sockets.c
+++ gotwebd/sockets.c
@@ -179,7 +179,7 @@ sockets_dup_new_socket(struct socket *p_sock, struct s
 
 	n = snprintf(sock->conf.name, GOTWEBD_MAXTEXT, "%s_child",
 	    p_sock->conf.srv_name);
-	if (n < 0) {
+	if (n < 0 || (size_t)n >= GOTWEBD_MAXTEXT) {
 		free(p_sock->conf.al);
 		free(p_sock);
 		free(sock->conf.al);
@@ -252,7 +252,7 @@ sockets_conf_new_socket(struct gotwebd *env, struct se
 
 	n = snprintf(sock->conf.name, GOTWEBD_MAXTEXT, "%s_parent",
 	    srv->name);
-	if (n < 0) {
+	if (n < 0 || (size_t)n >= GOTWEBD_MAXTEXT) {
 		free(sock->conf.al);
 		free(sock);
 		fatalx("%s: snprintf", __func__);
blob - 210a973df2358f6e47727defc7f896614105a977
blob + bee9789607409d33d238a9d098ae9924da0f1344
--- lib/error.c
+++ lib/error.c
@@ -372,7 +372,7 @@ got_error_no_obj(struct got_object_id *id)
 		return got_error(GOT_ERR_NO_OBJ);
 
 	ret = snprintf(msg, sizeof(msg), "object %s not found", id_str);
-	if (ret == -1 || ret >= sizeof(msg))
+	if (ret < 0 || (size_t)ret >= sizeof(msg))
 		return got_error(GOT_ERR_NO_OBJ);
 
 	return got_error_msg(GOT_ERR_NO_OBJ, msg);
@@ -385,7 +385,7 @@ got_error_not_ref(const char *refname)
 	int ret;
 
 	ret = snprintf(msg, sizeof(msg), "reference %s not found", refname);
-	if (ret == -1 || ret >= sizeof(msg))
+	if (ret < 0 || (size_t)ret >= sizeof(msg))
 		return got_error(GOT_ERR_NOT_REF);
 
 	return got_error_msg(GOT_ERR_NOT_REF, msg);
blob - a299594e95978c54a3d007683921e5669c59f527
blob + 2cac987f8e4af5c0e0ecaeda1b5b37e5c55952c9
--- lib/object_create.c
+++ lib/object_create.c
@@ -273,7 +273,7 @@ te_mode2str(char *buf, size_t len, struct got_tree_ent
 		return got_error(GOT_ERR_BAD_FILETYPE);
 
 	ret = snprintf(buf, len, "%o ", mode);
-	if (ret == -1 || ret >= len)
+	if (ret < 0 || (size_t)ret >= len)
 		return got_error(GOT_ERR_NO_SPACE);
 	return NULL;
 }
blob - a845118f6e6f64c5061dd5eef11341341e9ad2ff
blob + 52cedcef2588aa0c074d4d486c05e33a3bac7eb4
--- lib/pkt.c
+++ lib/pkt.c
@@ -160,10 +160,11 @@ const struct got_error *
 got_pkt_writepkt(int fd, char *buf, int nbuf, int chattygot)
 {
 	char len[5];
-	int i;
+	int i, ret;
 	ssize_t w;
 
-	if (snprintf(len, sizeof(len), "%04x", nbuf + 4) >= sizeof(len))
+	ret = snprintf(len, sizeof(len), "%04x", nbuf + 4);
+	if (ret < 0 || (size_t)ret >= sizeof(len))
 		return got_error(GOT_ERR_NO_SPACE);
 	w = write(fd, len, 4);
 	if (w == -1)
blob - e493381e3c08c6bb2810e9918907406182ed318d
blob + 14ac29c54a6da23eba622b0d224010a5752bc387
--- libexec/got-fetch-pack/got-fetch-pack.c
+++ libexec/got-fetch-pack/got-fetch-pack.c
@@ -490,7 +490,7 @@ fetch_pack(int fd, int packfd, uint8_t *pack_sha1,
 		n = snprintf(buf, sizeof(buf), "want %s%s\n", hashstr,
 		    sent_my_capabilites || my_capabilities == NULL ?
 		    "" : my_capabilities);
-		if (n >= sizeof(buf)) {
+		if (n < 0 || (size_t)n >= sizeof(buf)) {
 			err = got_error(GOT_ERR_NO_SPACE);
 			goto done;
 		}
@@ -511,7 +511,7 @@ fetch_pack(int fd, int packfd, uint8_t *pack_sha1,
 		struct got_object_id *id = pe->data;
 		got_sha1_digest_to_str(id->sha1, hashstr, sizeof(hashstr));
 		n = snprintf(buf, sizeof(buf), "have %s\n", hashstr);
-		if (n >= sizeof(buf)) {
+		if (n < 0 || (size_t)n >= sizeof(buf)) {
 			err = got_error(GOT_ERR_NO_SPACE);
 			goto done;
 		}
blob - 980664a3d3b0e347aabd00ccd1f7e38929ce7498
blob + c71c6afab33ae912f95e2c86e055ad3a30bb8abf
--- libexec/got-send-pack/got-send-pack.c
+++ libexec/got-send-pack/got-send-pack.c
@@ -282,7 +282,7 @@ describe_refchange(int *n, int *sent_my_capabilites,
 {
 	*n = snprintf(buf, bufsize, "%s %s %s",
 	    old_hashstr, new_hashstr, refname);
-	if (*n >= bufsize)
+	if (*n < 0 || (size_t)*n >= bufsize)
 		return got_error(GOT_ERR_NO_SPACE);
 
 	/*
@@ -298,7 +298,7 @@ describe_refchange(int *n, int *sent_my_capabilites,
 			return got_error(GOT_ERR_NO_SPACE);
 		m = snprintf(buf + *n + 1, /* offset after '\0' */
 		    bufsize - (*n + 1), "%s\n", my_capabilities);
-		if (*n + m >= bufsize)
+		if (m < 0 || *n + m >= bufsize)
 			return got_error(GOT_ERR_NO_SPACE);
 		*n += m;
 		*sent_my_capabilites = 1;