Skip to content
Permalink
Browse files

Avoid potentially dangerous signed to unsigned conversion

We make sure to never pass a negative `rlen` as size to memcpy(). See
also <https://bugs.php.net/bug.php?id=73280>.

Patch provided by Emmanuel Law.
  • Loading branch information...
cmb69 committed Oct 12, 2016
1 parent 4a03b38 commit 53110871935244816bbb9d131da0bccff734bfe9
Showing with 1 addition and 1 deletion.
  1. +1 −1 src/gd_io_dp.c
@@ -276,7 +276,7 @@ static int dynamicGetbuf(gdIOCtxPtr ctx, void *buf, int len)
if(remain >= len) {
rlen = len;
} else {
if(remain == 0) {
if(remain <= 0) {
/* 2.0.34: EOF is incorrect. We use 0 for
* errors and EOF, just like fileGetbuf,
* which is a simple fread() wrapper.

0 comments on commit 5311087

Please sign in to comment.
You can’t perform that action at this time.