From 0371b0507ace8498ab30cc8b4acd4350e34e7709 Mon Sep 17 00:00:00 2001
From: Thomas Harte <thomas.harte@gmail.com>
Date: Tue, 3 Dec 2024 09:18:05 -0500
Subject: [PATCH] Avoid potential extending run-out-of-bounds.

---
 Storage/Tape/Formats/ZXSpectrumTAP.cpp | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/Storage/Tape/Formats/ZXSpectrumTAP.cpp b/Storage/Tape/Formats/ZXSpectrumTAP.cpp
index 5fa28c4de..41e742151 100644
--- a/Storage/Tape/Formats/ZXSpectrumTAP.cpp
+++ b/Storage/Tape/Formats/ZXSpectrumTAP.cpp
@@ -19,19 +19,20 @@ using namespace Storage::Tape;
 */
 
 ZXSpectrumTAP::ZXSpectrumTAP(const std::string &file_name) :
-	file_(file_name)
+	file_(file_name, FileHolder::FileMode::Read)
 {
 	// Check for a continuous series of blocks through to
 	// exactly file end.
 	//
 	// To consider: could also check those blocks of type 0
 	// and type ff for valid checksums?
-	while(true) {
+	while(file_.tell() != file_.stats().st_size) {
 		const uint16_t block_length = file_.get16le();
-		if(file_.eof()) throw ErrorNotZXSpectrumTAP;
+		if(file_.eof() || file_.tell() + block_length >= file_.stats().st_size) {
+			throw ErrorNotZXSpectrumTAP;
+		}
 
 		file_.seek(block_length, SEEK_CUR);
-		if(file_.tell() == file_.stats().st_size) break;
 	}
 
 	virtual_reset();