diff options
| author | Florian Weimer <fweimer@redhat.com> | 2014-02-03 16:47:42 -0800 |
|---|---|---|
| committer | Aaron Patterson <aaron.patterson@gmail.com> | 2014-02-03 16:57:31 -0800 |
| commit | c5d49706c767697a9c2d71194f2c71a6fb1f8877 (patch) | |
| tree | a2b8c6dcac4da7ac61fe290c721918cb97be11c1 | |
| parent | 012ce850c8090a7cf85e0f00ebbbe9206ce928a0 (diff) | |
| download | libyaml-git-c5d49706c767697a9c2d71194f2c71a6fb1f8877.tar.gz | |
yaml_parser_scan_tag_uri: fix int overflow leading to buffer overflow
| -rw-r--r-- | src/scanner.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/scanner.c b/src/scanner.c index a2e8619..68fc002 100644 --- a/src/scanner.c +++ b/src/scanner.c @@ -2574,7 +2574,7 @@ yaml_parser_scan_tag_uri(yaml_parser_t *parser, int directive, /* Resize the string to include the head. */ - while (string.end - string.start <= (int)length) { + while ((size_t)(string.end - string.start) <= length) { if (!yaml_string_extend(&string.start, &string.pointer, &string.end)) { parser->error = YAML_MEMORY_ERROR; goto error; |