libretro-common/vfs_smb: fix silent truncations in read/write/stat

Three low-priority but real correctness issues in
vfs_implementation_smb.c.  None are memory-safety bugs; all three
are silent data or size corruption that would confuse callers on
unusual inputs.

vfs_smb: cap len in retro_vfs_file_read_smb
  smb2_read takes uint32_t count, but the wrapper passes a
  uint64_t len straight through.  For len > UINT32_MAX the high
  bits are silently dropped and smb2_read issues a truncated
  read.  The caller receives a short return count and, depending
  on the loop, may re-issue from the wrong file offset or treat
  the short read as EOF.

  Fix: cap len at UINT32_MAX before the call.  The VFS read
  contract already allows short reads (all well-behaved callers
  loop), so the caller simply re-issues for the remaining bytes.

vfs_smb: cap len in retro_vfs_file_write_smb
  Identical bug class on the write side: smb2_write takes
  uint32_t count.  Same fix.

vfs_smb: saturate retro_vfs_stat_smb size
  *size is int64_t but st.smb2_size is uint64_t.  A naked cast
  for files > INT64_MAX (8 EiB) produces a negative value that
  callers may interpret as an error.  Saturate to INT64_MAX.

  Practically unreachable -- no filesystem today holds 8 EiB
  files -- but the fix is two lines and keeps sign semantics
  consistent with the matching fix in retro_vfs_stat_impl
  (commit cf73f1a).

VC6 compatibility: the file is only compiled when libsmb2 is
linked, which in practice is a modern toolchain concern.  For
correctness anyway, the fix uses UINT32_MAX and INT64_MAX which
are defined by the existing VC6 stdint shim at
include/compat/msvc/stdint.h, and adds an explicit
reliably available even if libsmb2's transitive include chain
ever changes.

Regression test: NONE.  Exercising the SMB VFS layer requires a
live SMB server and an authenticated mount, which is
impractical for a self-contained sample that runs in CI.  The
existing nbio_test and config_file_test exercise the non-SMB VFS
paths; a regression that broke those paths would still surface.
The fixes themselves are small (two cap statements and a
ternary) and reviewed directly.

Author: LibretroAdmin

libretro-common/vfs/vfs_implementation_smb.c

@@ -14,6 +14,7 @@
  */
 
 #include <stdio.h>
+#include <stdint.h>  /* UINT32_MAX, INT64_MAX -- via compat shim on VC6 */
 #include <string.h>
 #include <errno.h>
 #include <time.h>
@@ -352,7 +353,15 @@ int64_t retro_vfs_file_read_smb(libretro_vfs_implementation_file *stream,
    if (!ctx)
        return -1;
 
-   ret = smb2_read(ctx, (struct smb2fh *)(intptr_t)stream->smb_fh, s, len);
+   /* smb2_read takes uint32_t count; passing a uint64_t len that
+    * exceeds UINT32_MAX was silently truncated pre-patch.  Cap at
+    * UINT32_MAX so the caller gets back the (partial) byte count
+    * and knows to loop for more.  This matches fread-style
+    * short-read semantics already observed by VFS consumers. */
+   if (len > (uint64_t)UINT32_MAX)
+      len = UINT32_MAX;
+
+   ret = smb2_read(ctx, (struct smb2fh *)(intptr_t)stream->smb_fh, s, (uint32_t)len);
 
    return ret;
 }
@@ -370,7 +379,13 @@ int64_t retro_vfs_file_write_smb(libretro_vfs_implementation_file *stream,
    if (!ctx)
        return -1;
 
-   ret = smb2_write(ctx, (struct smb2fh *)(intptr_t)stream->smb_fh, (void*)s, len);
+   /* smb2_write takes uint32_t count; see retro_vfs_file_read_smb
+    * for the rationale.  Cap at UINT32_MAX and let the caller
+    * re-issue for remaining bytes. */
+   if (len > (uint64_t)UINT32_MAX)
+      len = UINT32_MAX;
+
+   ret = smb2_write(ctx, (struct smb2fh *)(intptr_t)stream->smb_fh, (void*)s, (uint32_t)len);
 
    return ret;
 }
@@ -571,8 +586,15 @@ int retro_vfs_stat_smb(const char *path, int64_t *size)
    if (smb2_stat(smb_context, rel_path, &st) < 0)
       return 0;
 
+   /* smb2_size is uint64_t; *size is int64_t.  A naked cast on
+    * files > INT64_MAX (8 EiB) would produce a negative value
+    * that callers may interpret as a stat error.  Saturate to
+    * INT64_MAX -- unreachable in practice today, but the fix is
+    * cheap and keeps sign semantics sane. */
    if (size)
-      *size = (int64_t)st.smb2_size;
+      *size = (st.smb2_size > (uint64_t)INT64_MAX)
+         ? INT64_MAX
+         : (int64_t)st.smb2_size;
 
    return RETRO_VFS_STAT_IS_VALID |
          (st.smb2_type == SMB2_TYPE_DIRECTORY ? RETRO_VFS_STAT_IS_DIRECTORY : 0);