From 353f156d1ae41455530165cd2ce11622aa1a52fc Mon Sep 17 00:00:00 2001
From: Xabier de Zuazo
Date: Sat, 6 Apr 2013 19:34:10 +0200
Subject: [PATCH] fix buffer length checking bug in readSlot()
---
 lib/protocol.js | 1 +
 1 file changed, 1 insertion(+)
diff --git a/lib/protocol.js b/lib/protocol.js
index 21be784..bdd533e 100644
--- a/lib/protocol.js
+++ b/lib/protocol.js
@@ -1088,6 +1088,7 @@ function readSlot(buffer, offset) {
 var nbtDataSize = buffer.readInt16BE(cursor + 3);
 if (nbtDataSize === -1) nbtDataSize = 0;
 var nbtDataEnd = cursorEnd + nbtDataSize;
+ if (nbtDataEnd > buffer.length) return null;
 var nbtData = buffer.slice(cursorEnd, nbtDataEnd);
 return {
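Review bot: The added guard `if (nbtDataEnd > buffer.length) return null;` rejects only lengths that run past the end of the buffer; `nbtDataSize` comes from a signed `readInt16BE` and only -1 is normalised to 0, so any other negative value leaves `nbtDataEnd` below `cursorEnd` and still passes the check. `buffer.slice(cursorEnd, nbtDataEnd)` then yields an empty buffer, and if the object returned below reports a consumed size derived from `nbtDataEnd` (the `return {` body is outside the hunk), the caller's cursor could stall or move backwards on a malformed packet. Consider rejecting that case explicitly before computing `nbtDataEnd`, for example `if (nbtDataSize < 0) throw new Error('invalid NBT length in slot');` or whatever error path the parser uses for malformed input, rather than returning null, which appears to signal "need more data". readSlot starts above and continues below the hunk, so it is also worth confirming that the earlier code verifies the buffer holds `cursor + 5` bytes before the `readInt16BE(cursor + 3)` call.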