@ -91,7 +91,7 @@ buffer (=dbuf=) of this size. It skips the length byte and copies
=fsize - 1= bytes into the new buffer. So it trusts that the amount of
data it read from disk is the same as indicated by the length byte.
While this might seem silly, this is how real world buffer overflows
While this might seem silly, this is what real world buffer overflows
look like.
Here is a file where the length byte and file size agree. Create
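Review bot: the reworded sentence still writes "real world buffer overflows" without a hyphen; since the line is being touched for grammar anyway, make it "real-world buffer overflows". Separately, the context just above says the code copies =fsize - 1= bytes into =dbuf= and "trusts" that this matches the length byte, but never states the failing direction. One added sentence saying that a file longer than its length byte claims makes the copy run past the end of =dbuf= would set up the "length byte and file size agree" example that follows.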