The integer wrap check is different from the increment - it is missing
'8 +'.
On 11/30/2016 12:29 PM, Jeremy Allison wrote:
> /* data */
> for (i = 0; i < ndr_count_cfdata(r); i++) {
> + if (size + r->cfdata[i].cbData < size) {
> + /* Integer wrap. */
> + return false;
> + }
> size += 8 + r->cfdata[i].cbData;