From 703120bbfb4b0f33352fc04b19bbe9a20e613a73 Mon Sep 17 00:00:00 2001
From: aizu-m <aizumusheer2@gmail.com>
Date: Thu, 18 Jun 2026 00:59:45 +0530
Subject: [PATCH] xfer: fix out-of-bounds write in xfer_dcc_resume_hash (#2326)

---
 CHANGELOG.md                | 1 +
 src/plugins/xfer/xfer-dcc.c | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5411157cc..cf40e0055 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 ### Fixed
 
 - core: fix buffer overflow in connection to SOCKS5 proxy ([#2325](https://github.com/weechat/weechat/issues/2325))
+- xfer: fix out-of-bounds write in xfer file transfer resume ([#2326](https://github.com/weechat/weechat/issues/2326))
 
 ## Version 4.9.2 (2026-06-07)
 
diff --git a/src/plugins/xfer/xfer-dcc.c b/src/plugins/xfer/xfer-dcc.c
index 113e76bed..698eddc1a 100644
--- a/src/plugins/xfer/xfer-dcc.c
+++ b/src/plugins/xfer/xfer-dcc.c
@@ -242,8 +242,8 @@ int
 xfer_dcc_resume_hash (struct t_xfer *xfer)
 {
     char *buf;
-    unsigned long long total_read;
-    ssize_t length_buf, to_read, num_read;
+    unsigned long long total_read, length_buf, to_read;
+    ssize_t num_read;
     int ret, fd;
 
     total_read = 0;