Max Kellermann a988b9b025 ape: check the tag size (fixes integer underflow) ...

The expression "tagLen - size > 0" may result in an integer underflow
and a buffer overflow, when "size" is larger than "tagLen".  "size" is
read from the input file, and must not be trusted.  This patch changes
the expression to "tagLen > size", which is a lot safer.

2009-07-18 22:45:56 +02:00

23 KiB

Raw Blame History

View Raw