Skip to content

Commit 5311087

Browse files
committed
Avoid potentially dangerous signed to unsigned conversion
We make sure to never pass a negative `rlen` as size to memcpy(). See also <https://bugs.php.net/bug.php?id=73280>. Patch provided by Emmanuel Law.
1 parent 4a03b38 commit 5311087

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

Diff for: src/gd_io_dp.c

+1-1
Original file line numberDiff line numberDiff line change
@@ -276,7 +276,7 @@ static int dynamicGetbuf(gdIOCtxPtr ctx, void *buf, int len)
276276
if(remain >= len) {
277277
rlen = len;
278278
} else {
279-
if(remain == 0) {
279+
if(remain <= 0) {
280280
/* 2.0.34: EOF is incorrect. We use 0 for
281281
* errors and EOF, just like fileGetbuf,
282282
* which is a simple fread() wrapper.

0 commit comments

Comments
 (0)