On Mon, 2018-06-11 at 02:18 +0200, Mark Wielaard wrote:
> The afl fuzzer found that we did a wrong check in print_form_data when
> comparing the remaining bytes in the buffer to an (unsigned) value read.
> We were casting the value to ptrdiff_t, which is a signed value and so
> might turn a really big unsigned value into a negative number. Since we
> know the difference between readendp and readp is zero or greater, we
> should cast the pointer difference to size_t (an unsigned type) instead
> before comparing with the unsigned value.
Pushed to master
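The signed/unsigned mistake described above, reduced to a stand-alone program. This is an added illustration, not elfutils' own code: the function names (read_uleb128, read_block, check_block), the BLOCK_* status values and the sample byte strings are constructed here. It reads a ULEB128 length prefix the way a DW_FORM_block-style form is read, then applies either the old check (casting the length to ptrdiff_t) or the corrected one (casting the pointer difference to size_t) before the caller would consume the bytes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Decode one ULEB128 value without reading past readendp.  Returns false
   if the buffer ends before the terminating byte (high bit clear).
   Bits beyond 64 are dropped rather than shifted out of range. */
static bool
read_uleb128 (const unsigned char **readpp, const unsigned char *readendp,
              uint64_t *out)
{
  const unsigned char *p = *readpp;
  uint64_t val = 0;
  unsigned shift = 0;

  while (p < readendp)
    {
      unsigned char b = *p++;
      if (shift < 64)
        val |= (uint64_t) (b & 0x7f) << shift;
      shift += 7;
      if ((b & 0x80) == 0)
        {
          *readpp = p;
          *out = val;
          return true;
        }
    }
  return false;
}

enum block_status { BLOCK_OK, BLOCK_TRUNCATED };

/* Read a length-prefixed block and decide whether LEN bytes of payload
   really remain.  USE_FIXED_CHECK selects the corrected comparison. */
static enum block_status
read_block (const unsigned char *readp, const unsigned char *readendp,
            bool use_fixed_check, uint64_t *len_out)
{
  uint64_t len;
  if (!read_uleb128 (&readp, readendp, &len))
    return BLOCK_TRUNCATED;

  bool enough;
  if (use_fixed_check)
    /* readendp >= readp is an invariant, so the difference is
       non-negative and converts to size_t exactly; unsigned vs unsigned. */
    enough = (size_t) (readendp - readp) >= len;
  else
    /* Old check: converting an out-of-range uint64_t to ptrdiff_t is
       implementation-defined; gcc and clang reduce it modulo 2^N, so a
       huge length becomes negative and the test passes when it must not. */
    enough = readendp - readp >= (ptrdiff_t) len;

  if (!enough)
    return BLOCK_TRUNCATED;
  *len_out = len;
  /* A real reader would now consume LEN bytes starting at readp; with the
     old check that is an out-of-bounds read on the huge-length input. */
  return BLOCK_OK;
}

/* Constructed inputs (not from any real DWARF file).  huge_block carries a
   ULEB128 encoding of UINT64_MAX (nine 0xff bytes and a final 0x01)
   followed by only four payload bytes. */
static const unsigned char huge_block[] = {
  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x01, 'A', 'B', 'C', 'D'
};
static const unsigned char ok_block[] = { 0x03, 'x', 'y', 'z' };
static const unsigned char short_block[] = { 0x05, 'x', 'y' };
static const unsigned char unterminated[] = { 0xff, 0xff, 0xff };

static enum block_status
check_block (const unsigned char *buf, size_t size, bool use_fixed_check)
{
  uint64_t len;
  return read_block (buf, buf + size, use_fixed_check, &len);
}

/* Decoded length prefix of BUF, or 0 if the ULEB128 itself is truncated. */
static uint64_t
decoded_length (const unsigned char *buf, size_t size)
{
  uint64_t len;
  const unsigned char *p = buf;
  return read_uleb128 (&p, buf + size, &len) ? len : 0;
}

int
main (void)
{
  printf ("huge length, old check:   %s\n",
          check_block (huge_block, sizeof huge_block, false) == BLOCK_OK
          ? "accepted (bug)" : "rejected");
  printf ("huge length, fixed check: %s\n",
          check_block (huge_block, sizeof huge_block, true) == BLOCK_OK
          ? "accepted" : "rejected (correct)");
  return 0;
}
```

The key line is the comparison, not the decoder: with `(ptrdiff_t) len` a length of UINT64_MAX compares as -1 against the four remaining bytes and is accepted, while `(size_t) (readendp - readp) >= len` rejects it. The ordinary cases (exact fit, payload shorter than the prefix, prefix that never terminates) behave the same under both checks, which is why this only showed up under fuzzing.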