1. 20
  1.  

  2. 7

    Taking the first 4 bytes and just passing them straight into malloc? That’s terrifying, I hope this isn’t facing the open internet.

    1. 1

      She did say that the fix includes making the client code less trusting :)