Revert "real fix for possible CVE with negative length" #357
Open
jmtd wants to merge 1 commit into zevv:v1.5.0-rc2 from
>>>> "Jonathan" == Jonathan Dowland ***@***.***> writes:
> This reverts commit 5e98e6e.
> Fixes #355.
> There's not enough context in the original commits for me to figure
> out the issue they were resolving, but this has introduced a buffer
> overflow it seems, which is resolved by reverting it.

This was some guy pushing his fix on us before he filed a CVE about
it. I didn't think it was the right fix at the time, but didn't push
back too hard.

Thanks for your help here! I think what I really need help on is
motivation and getting the 1.5 release all set to go for testing. I'd
really like to get 1.5-rc2 out the door sooner so people can test it
out.

Another area I'd like to see would be automated testing for regression
work, but that's more aspirational than really needed.

I'll see if I can find some time in the next week to go over what's
out there and see if I can cut a new 1.5-rc2 release for people to
beat on.

John
Commit Summary
* 7d99186 Revert "real fix for possible CVE with negative length"
File Changes
(1 file)
* M src/libduc/buffer.c (2)
Patch Links:
* https://github.com/zevv/duc/pull/357.patch
* https://github.com/zevv/duc/pull/357.diff
This reverts commit 5e98e6e.
Fixes #355.
There's not enough context in the original commits for me to figure out the issue they were resolving, but this has introduced a buffer overflow it seems, which is resolved by reverting it.