From f400dab91253f7a5e619b7f29dfad067371fc186 Mon Sep 17 00:00:00 2001
From: Sam Tobin-Hochstadt
Date: Tue, 13 Oct 2015 17:48:03 -0400
Subject: [PATCH] Add a check in the compilation-top reader.

This bug was found by fuzz testing.
---
 racket/src/racket/src/marshal.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/racket/src/racket/src/marshal.c b/racket/src/racket/src/marshal.c
index 66a9e0750b..44e7b7573d 100644
--- a/racket/src/racket/src/marshal.c
+++ b/racket/src/racket/src/marshal.c
@@ -338,6 +338,7 @@ static Scheme_Object *read_top(Scheme_Object *obj)
   top->iso.so.type = scheme_compilation_top_type;
   if (!SCHEME_PAIRP(obj)) return NULL;
   top->max_let_depth = SCHEME_INT_VAL(SCHEME_CAR(obj));
+  if (top->max_let_depth < 0) return NULL; /* Should this check for a max as well? */
   obj = SCHEME_CDR(obj);
   if (!SCHEME_PAIRP(obj)) return NULL;
   top->binding_namess = SCHEME_CAR(obj); /* checking is in scheme_install_binding_names() */
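Review bot: The new `< 0` guard runs after `SCHEME_INT_VAL(SCHEME_CAR(obj))` has already been applied to an unchecked object from the marshaled input; only the pair-ness of `obj` is verified, not that its car is a fixnum, so a non-fixnum car yields an arbitrary value that may well be non-negative and pass the new check. A type check belongs before the conversion: `if (!SCHEME_INTP(SCHEME_CAR(obj))) return NULL;` (the usual Racket fixnum predicate, assuming it is available here as elsewhere in marshal.c). The in-line question about an upper bound deserves an answer rather than a comment left in the code: if `max_let_depth` is later used to size a stack or buffer, a huge value from a crafted `.zo` should be rejected too, and if the field is narrower than the value `SCHEME_INT_VAL` returns the assignment can truncate before the sign check sees it — worth confirming against the struct definition. read_top begins and ends outside this hunk, so the rest of its input validation is not visible here.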