From 3086838a104995406f315451df1ddb1f64657a45 Mon Sep 17 00:00:00 2001
From: Erica Fischer <enf@pobox.com>
Date: Tue, 27 Sep 2022 09:15:54 -0700
Subject: [PATCH] Fix wrong-way comparison that was causing buffer overflow
 crash in tile-join (#14)

* Fix wrong-way comparison that was causing buffer overflow in tile-join

* Update changelog
---
 CHANGELOG.md  | 4 ++++
 tile-join.cpp | 2 +-
 version.hpp   | 2 +-
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d5190db23..4f865ed90 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 2.6.3
+
+* Fix crash in tile-join caused by wrong-way comparison
+
 ## 2.6.2
 
 * Stop adding features to a tile if it can't possibly work, to limit memory use
diff --git a/tile-join.cpp b/tile-join.cpp
index 3f6d12c6d..a9aedcffa 100644
--- a/tile-join.cpp
+++ b/tile-join.cpp
@@ -601,7 +601,7 @@ void handle_strategies(const unsigned char *s, std::vector<strategy> *st) {
 					} else if (v->type != JSON_NUMBER) {
 						fprintf(stderr, "Value %zu of %zu is not a number: %s\n", j, i, s);
 					} else {
-						if (i <= st->size()) {
+						if (i >= st->size()) {
 							st->resize(i + 1);
 						}
 
diff --git a/version.hpp b/version.hpp
index d51291fbc..9907ca384 100644
--- a/version.hpp
+++ b/version.hpp
@@ -1,6 +1,6 @@
 #ifndef VERSION_HPP
 #define VERSION_HPP
 
-#define VERSION "v2.6.2"
+#define VERSION "v2.6.3"
 
 #endif