B tags need eight bytes. Previously this only checked for at least seven, which could lead to a single-byte out-of-bounds read. The impact of this is mostly limited by a later check on blen; however, it was also possible that blen could overflow, allowing the check to incorrectly pass. A second commit expands blen so it can't overflow, and ensures it has an acceptable value before passing it to the encode function.
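The two checks described above, as an added example that is not code from the commits. It assumes a BAM-style B array layout (2-byte tag, 'B', subtype byte, 4-byte little-endian count) and that blen is the element count times the element size; `b_tag_len`, `blen_32bit`, `elem_size` and `max_blen` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed header: tag[2], 'B', subtype, count[4] = eight bytes. */
#define B_HDR_LEN 8

/* Element size for each assumed array subtype; 0 means unknown. */
static int elem_size(uint8_t subtype) {
    switch (subtype) {
    case 'c': case 'C': return 1;
    case 's': case 'S': return 2;
    case 'i': case 'I': case 'f': return 4;
    default: return 0;
    }
}

/* Narrow arithmetic for comparison: the product wraps modulo 2^32. */
uint32_t blen_32bit(uint32_t count, uint32_t esz) { return count * esz; }

/* Returns the total bytes occupied by the B tag at aux, or -1 if the tag
 * is truncated, malformed or larger than max_blen (hypothetical cap that
 * stands in for "an acceptable value" for the encoder). */
int64_t b_tag_len(const uint8_t *aux, size_t remaining, uint64_t max_blen) {
    /* A ">= 7" test here would let aux[7] be read one byte past the end. */
    if (remaining < B_HDR_LEN) return -1;
    if (aux[2] != 'B') return -1;
    int esz = elem_size(aux[3]);
    if (esz == 0) return -1;
    uint32_t count = (uint32_t)aux[4] | (uint32_t)aux[5] << 8 |
                     (uint32_t)aux[6] << 16 | (uint32_t)aux[7] << 24;
    /* 64-bit product: at most about 2^34, so it cannot wrap. */
    uint64_t blen = (uint64_t)count * (uint64_t)esz;
    if (blen > max_blen || blen > remaining - B_HDR_LEN) return -1;
    return (int64_t)(B_HDR_LEN + blen);
}

int main(void) {
    /* Constructed input: count 0x40000001 of 4-byte items, 4 data bytes. */
    const uint8_t wrap[] = {'X','Y','B','I', 1,0,0,0x40, 0,0,0,0};
    printf("32-bit blen: %u\n", (unsigned)blen_32bit(0x40000001u, 4));
    printf("checked length: %lld\n",
           (long long)b_tag_len(wrap, sizeof wrap, 1u << 20));
    return 0;
}
```

With the constructed input, the 32-bit product wraps to 4 and would satisfy a "fits in the remaining 4 bytes" test, while the widened check rejects the tag.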