From 091ce867c104d0b1ad02dd7c34f13eef27b0ff39 Mon Sep 17 00:00:00 2001
From: cremno
Date: Tue, 28 Apr 2015 14:53:50 +0200
Subject: fix possible unsigned integer underflow

buf_size has to be greater than header_size, otherwise subtracting header_size from buf_size will cause an integer underflow. Being equal to header_size is fine, however useless, so quit early.
---
 src/load.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src/load.c')
diff --git a/src/load.c b/src/load.c
index 17bbb13eb..9854f712f 100644
--- a/src/load.c
+++ b/src/load.c
@@ -673,7 +673,7 @@ mrb_read_irep_file(mrb_state *mrb, FILE* fp)
 goto irep_exit;
 }
 result = read_binary_header(buf, &buf_size, NULL, &flags);
- if (result != MRB_DUMP_OK) {
+ if (result != MRB_DUMP_OK || buf_size <= header_size) {
 goto irep_exit;
 }
--
cgit v1.2.3
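Review bot: The added `buf_size <= header_size` test in `mrb_read_irep_file` has no comment explaining it, and the subtraction it protects lies outside this hunk, so a later cleanup could drop it as redundant. I would put this above the `if`: `/* buf_size comes from the file header; it must exceed header_size or buf_size - header_size wraps around */`. When only the size test fails, `result` is still `MRB_DUMP_OK`, so it is worth confirming that the `irep_exit` path (not visible here) does not treat that as a successful load. The check sets only a lower bound; whether `buf_size` is capped before it drives the later allocation and read cannot be seen from this hunk and should be verified, since the value is taken from the input file.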