From 6edeb335f0d1adb4a052cfb23fd1aefa06f8c8bc Mon Sep 17 00:00:00 2001
From: "H. Peter Anvin" <hpa@linux.intel.com>
Date: Mon, 17 Apr 2017 14:22:32 -0700
Subject: [PATCH] rdflib.c: fix(?) one more unsafe use of fread()

It isn't 100% clear what is the right thing to do in this particular
case, so this is my best attempt...

Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
---
 rdoff/rdflib.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/rdoff/rdflib.c b/rdoff/rdflib.c
index 79a2085b..ee7f19f6 100644
--- a/rdoff/rdflib.c
+++ b/rdoff/rdflib.c
@@ -370,7 +370,9 @@ int main(int argc, char **argv)
 
             /* check against desired name */
             if (!strcmp(buf, argv[3])) {
-                fread(p = rdbuf, 1, sizeof(rdbuf), fptmp);
+                if (fread(p = rdbuf, 1, sizeof(rdbuf), fptmp) < 10) {
+                    nasm_fatal(0, "short read on input");
+                }
                 l = *(int32_t *)(p + 6);
                 fseek(fptmp, l, SEEK_CUR);
                 break;
-- 
2.11.4.GIT