[gnome-software] steam: Fix an out of bounds read



commit 5b04b8e5d49870b4068dda6e962b5b7cbedaaff3
Author: Kalev Lember <klember redhat com>
Date:   Tue Jan 9 21:53:13 2018 +0100

    steam: Fix an out of bounds read
    
    Avoid using "data_len - 9" as that can result in wraparound as data_len
    is an unsigned integer.
    
    This fixes a crash when appinfo.vdf is a zero length file.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1493414

 plugins/steam/gs-plugin-steam.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/plugins/steam/gs-plugin-steam.c b/plugins/steam/gs-plugin-steam.c
index 94fc8e3..a052c3c 100644
--- a/plugins/steam/gs-plugin-steam.c
+++ b/plugins/steam/gs-plugin-steam.c
@@ -109,7 +109,7 @@ static void
 gs_plugin_steam_find_next_sync_point (guint8 *data, gsize data_len, guint *idx)
 {
        guint i;
-       for (i = *idx; i < data_len - 9; i++) {
+       for (i = *idx; i + 9 < data_len; i++) {
                if (memcmp (&data[i], "\0\x02\0common\0", 8) == 0) {
                        *idx = i - 1;
                        return;
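
Review bot: the unsigned wraparound this patch removes from the loop condition can still occur a few lines below at `*idx = i - 1`. If the pattern matches at i == 0, the subtraction wraps and *idx is set to the largest guint value, so any caller that then uses *idx as an offset into data ends up far outside the buffer. Consider guarding the assignment with an i > 0 check, or starting the scan at 1 if offset 0 can never be a valid sync point. Separately, `i` is a guint while data_len is a gsize, so `i + 9` is evaluated in guint arithmetic before the comparison. Declaring `i` as gsize keeps the new condition correct for any buffer length. The constants are also hard to check against each other: the loop requires 9 bytes past i, memcmp compares 8, and the string literal is 10 bytes long. A named pattern length used in both places would make the bound easier to verify.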

