From c188a7510317bfdaa19e87c6870c5ee7d965a6b9 Mon Sep 17 00:00:00 2001
From: Ben Noordhuis <info@bnoordhuis.nl>
Date: Sun, 26 May 2013 21:42:23 +0200
Subject: [PATCH] buffer: guard against integer overflow

---
 src/node_buffer.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/node_buffer.cc b/src/node_buffer.cc
index 78d6aa45590..687545a2052 100644
--- a/src/node_buffer.cc
+++ b/src/node_buffer.cc
@@ -404,7 +404,7 @@ Handle<Value> ReadFloatGeneric(const Arguments& args) {
       return ThrowTypeError("offset is not uint");
     size_t len = static_cast<size_t>(
                     args.This()->GetIndexedPropertiesExternalArrayDataLength());
-    if (offset + sizeof(T) > len)
+    if (offset + sizeof(T) > len || offset + sizeof(T) < offset)
       return ThrowRangeError("Trying to read beyond buffer length");
   }