hfs_stat: saturate nlink stat field on overflow

On some platforms (including macOS) nlink_t is a smaller type than the
folder record's valence. This represents the number of entries in a
directory, so it's quite possible to overflow this on a normal volume.

hfsfuse now sets st_nlink to the max possible value in this case,
consistent with other drivers.

Author: 0x09

Makefile

@@ -14,7 +14,7 @@ CONFIG_CFLAGS := $(CONFIG_CFLAGS) $(CFLAGS)
 CFLAGS := -D_FILE_OFFSET_BITS=64 $(CONFIG_CFLAGS)
 
 # extra flags we don't want to forward to the "external" libs like libhfs/ublio/utf8proc
-LOCAL_CFLAGS+=-Wall -Wextra -pedantic -Wno-gnu-zero-variadic-macro-arguments -Wno-unused-parameter
+LOCAL_CFLAGS+=-Wall -Wextra -pedantic -Wno-gnu-zero-variadic-macro-arguments -Wno-unused-parameter -Wno-error=type-limits
 # older versions of gcc/clang need these as well
 LOCAL_CFLAGS+=-Wno-missing-field-initializers -Wno-missing-braces
 

lib/libhfsuser/hfsuser.c

@@ -445,7 +445,14 @@ void hfs_stat(hfs_volume* vol, hfs_catalog_keyed_record_t* key, struct stat* st,
 #endif
 	}
 	else {
-		st->st_nlink = key->folder.valence + 2;
+		if(generic_int_max(st->st_nlink)-2 < key->folder.valence)
+			st->st_nlink = generic_int_max(st->st_nlink);
+		else {
+			//valence must be cast to the type of st_nlink to really guarantee no overflow here, but nlink_t is not always defined (e.g. mingw) hence separate ops
+			st->st_nlink = key->folder.valence;
+			st->st_nlink += 2;
+		}
+
 		st->st_size = vol->vh.block_size;
 #if HAVE_STAT_BLKSIZE
 		st->st_blksize = vol->vh.block_size;