From 7c80007b55fd42cdd56b06cb4330fb8ceb468e09 Mon Sep 17 00:00:00 2001
From: Logan Chien
Date: Mon, 16 Oct 2017 14:04:34 +0800
Subject: Fix potential buffer overrun
This commit rearranges record size comparison and fread() to make sure fread() only reads the data that can fit into the buffer.
---
 src/deps_log.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/deps_log.cc b/src/deps_log.cc
index 89c6023..8734dd7 100644
--- a/src/deps_log.cc
+++ b/src/deps_log.cc
@@ -209,7 +209,7 @@ bool DepsLog::Load(const string& path, State* state, string* err) {
 bool is_deps = (size >> 31) != 0;
 size = size & 0x7FFFFFFF;
- if (fread(buf, size, 1, f) < 1 || size > kMaxRecordSize) {
+ if (size > kMaxRecordSize || fread(buf, size, 1, f) < 1) {
 read_failed = true;
 break;
 }
--
cgit v0.12
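Review bot: The operand order in the new condition `if (size > kMaxRecordSize || fread(buf, size, 1, f) < 1)` is now the only thing that stops fread() from writing past `buf`, but nothing on the line says so, and a later tidy-up could swap the operands back. I would add a comment above it such as `// Bounds-check size before fread(): the record must fit in buf.` The declaration of `buf` is outside the hunk, so it is worth confirming that it is sized to kMaxRecordSize. The diffstat shows only src/deps_log.cc changed; a test that loads a log containing an oversized record would pin this behaviour. The body of DepsLog::Load starts and ends outside the hunk.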