This queue is for tickets about the FCGI CPAN distribution.

Report information
The Basics
Id: 100315
Status: new
Priority: 0/
Queue: FCGI

People
Owner: Nobody in particular
Requestors: fweimer [...] redhat.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: 0.74
Fixed in: (no value)



Subject: INT_MIN hardening for the READ method
While browsing the source code, I think I have identified a hardening opportunity: I believe the READ method in the XS file should check if offset == INT_MIN, because if it is, -offset is still negative (strictly speaking, even undefined), so the code has some strange behavior as a result.

I can send you a patch if you want, but it's difficult for me to test it properly. I believe the other corner cases related to large and negative values are handled correctly, both in FCGI.xs and fcgiapp.c, but double-checking this cannot hurt.

I had also identified an eval issue, but that has since been made obsolete by commit fd4e384a0d3ee82faf4be58384d5648d7eaeebd1 (which went into 0.75).
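
The check proposed in the report, as an added example that is not taken from FCGI.xs or from the reporter: the helper name `resolve_offset`, its return convention and the sample values are assumptions made for illustration. It resolves a negative read offset (counted back from the end of the buffer) and rejects `INT_MIN` before negating, so the later bounds comparison never sees a value that is still negative.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper (not FCGI's code): map a read offset to a buffer index.
 * A negative offset counts back from the end of a buffer of buflen bytes.
 * Returns 0 and stores the index on success, -1 if the offset is rejected. */
int resolve_offset(int offset, size_t buflen, size_t *index_out)
{
    size_t back;

    if (offset >= 0) {
        /* Non-negative offsets are passed through; growing the buffer
         * to reach them is left to the caller. */
        *index_out = (size_t)offset;
        return 0;
    }

    /* -INT_MIN is not representable in int: negating it is undefined
     * behaviour and on two's-complement targets typically yields INT_MIN
     * again, so a check such as "-offset > len" would not fire. */
    if (offset == INT_MIN)
        return -1;

    back = (size_t)(-offset);   /* now safe: value is in 1..INT_MAX */
    if (back > buflen)
        return -1;              /* offset points before the start of the buffer */

    *index_out = buflen - back;
    return 0;
}

int main(void)
{
    /* Constructed sample offsets against a 10-byte buffer. */
    int samples[] = { 4, -3, -10, -11, INT_MIN };
    size_t i, idx;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (resolve_offset(samples[i], 10, &idx) == 0)
            printf("offset %d -> index %zu\n", samples[i], idx);
        else
            printf("offset %d -> rejected\n", samples[i]);
    }
    return 0;
}
```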