
fix: handle ftell failure before allocating input buffer in main.c#4654

Open
orbisai0security wants to merge 2 commits into facebook:dev from orbisai0security:fix-v-002-malloc-integer-overflow

Conversation

@orbisai0security orbisai0security commented May 1, 2026

Summary

This PR improves error handling in contrib/externalSequenceProducer/main.c when determining the input file size.

The code uses ftell() to determine the file size and then allocates srcSize + 1 bytes for the input buffer. Since ftell() can fail and return -1, this patch checks the result before converting it to size_t and using it in an allocation expression.

Motivation

This makes the contrib example more robust against unexpected ftell() failures and avoids relying on a converted sentinel value during allocation-size calculation.

Security impact

This is best treated as defensive hardening/robustness improvement, not as a proven vulnerability in the core zstd library. The affected code is limited to a contrib example utility.

Testing

The existing example behaviour is unchanged for normal input files. Error paths now fail earlier if the file size cannot be determined safely.

Automated security fix generated by Orbis Security AI
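The check described in the PR, as an added example that is not code from this PR or from zstd: `unchecked_alloc_size()` shows the arithmetic the unguarded path performs on ftell()'s -1 sentinel, and `checked_file_size()` / `read_whole_file()` are a hardened pattern with constructed names that test the result while it is still a `long`.

```c
#include <stdio.h>
#include <stdlib.h>
/* Unguarded path: ftell() returns -1L on failure, the cast to size_t makes that
 * SIZE_MAX, and the +1 for the NUL terminator wraps the request to 0 bytes. */
size_t unchecked_alloc_size(long ftell_result)
{
    size_t srcSize = (size_t)ftell_result;
    return srcSize + 1;
}

/* Hardened query: 0 on success with the size in *out, -1 on any failure.
 * ftell()'s result is checked while still a long, before conversion. */
int checked_file_size(FILE *f, size_t *out)
{
    long pos;
    if (fseek(f, 0, SEEK_END) != 0) return -1;
    pos = ftell(f);
    if (pos < 0) return -1;                /* pipe, tty, or offset overflow */
    if (fseek(f, 0, SEEK_SET) != 0) return -1;
    *out = (size_t)pos;                    /* non-negative, so +1 cannot wrap */
    return 0;
}

/* Reads a whole stream into a NUL-terminated buffer as the contrib example
 * does, but never allocates from a converted sentinel. NULL on failure. */
char *read_whole_file(FILE *f, size_t *len)
{
    size_t srcSize;
    char *buf;
    if (checked_file_size(f, &srcSize) != 0) return NULL;
    if ((buf = malloc(srcSize + 1)) == NULL) return NULL;
    if (fread(buf, 1, srcSize, f) != srcSize) { free(buf); return NULL; }
    buf[srcSize] = '\0';
    *len = srcSize;
    return buf;
}

/* Constructed input: a temporary file holding "hello"; returns bytes read. */
int demo_read_length(void)
{
    FILE *f = tmpfile();
    char *buf; size_t len = 0;
    if (f == NULL) return -1;
    fputs("hello", f); fflush(f);
    buf = read_whole_file(f, &len);
    fclose(f);
    if (buf == NULL) return -1;
    free(buf);
    return (int)len;
}
```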
@meta-cla meta-cla Bot added the CLA Signed label May 1, 2026
@orbisai0security orbisai0security changed the title from "fix: remove unsafe exec() in main.c" to "Handle ftell failure before allocating input buffer in main.c" on May 4, 2026
@orbisai0security orbisai0security changed the title from "Handle ftell failure before allocating input buffer in main.c" to "fix: handle ftell failure before allocating input buffer in main.c" on May 4, 2026
@orbisai0security orbisai0security (Author) commented

Thanks for the feedback. I’ve updated the PR to narrow the scope and avoid overstating the impact.

The change is now framed as defensive hardening for the contrib/externalSequenceProducer example utility rather than a vulnerability in the core zstd library. I also updated the title/description to focus specifically on handling ftell() failure before using the result in the input-buffer allocation path.

The intent is simply to make the example code more robust around unexpected file-size/error cases, with no behaviour change for normal inputs.
