ape: check the tag size (fixes integer underflow)

The expression "tagLen - size > 0" may result in an integer underflow and a buffer overflow, when "size" is larger than "tagLen". "size" is read from the input file, and must not be trusted. This patch changes the expression to "tagLen > size", which is a lot safer.
2009-07-18 22:45:56 +02:00
parent c8c91d9aaa
commit a988b9b025
2 changed files with 3 additions and 1 deletions
--- a/2
+++ b/2
@@ -1,4 +1,6 @@
 ver 0.15.2 (2009/??/??)
+* tags:
+  - ape: check the tag size (fixes integer underflow)


 ver 0.15.1 (2009/07/15)