fix possible unsigned integer underflow

buf_size has to be greater than header_size, otherwise subtracting header_size from buf_size will cause an integer underflow. Being equal to header_size is fine, however useless, so quit early.

fix possible unsigned integer underflow
buf_size has to be greater than header_size, otherwise subtracting header_size from buf_size will cause an integer underflow. Being equal to header_size is fine, however useless, so quit early.
091ce867 · cremno · 0518ab22 · 091ce867
Commit 091ce867 authored Apr 28, 2015 by cremno
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

src/load.c src/load.c +1 -1

No files found.
--- a/src/load.c
+++ b/src/load.c
@@ -673,7 +673,7 @@ mrb_read_irep_file(mrb_state *mrb, FILE* fp)
    goto irep_exit;
  }
  result = read_binary_header(buf, &buf_size, NULL, &flags);
-  if (result != MRB_DUMP_OK) {
+  if (result != MRB_DUMP_OK || buf_size <= header_size) {
    goto irep_exit;
  }