Now the programmer – say that this URL has a length, it’s provided with a length, and then the data. Well, the programmer checks the length that is declared to make sure that it’s less than a thousand characters long to make sure that the data will fit within this buffer. And if so, then the programmer might call another subroutine to copy the provided data into the buffer. Well, if the programmer made a mistake, and just not even thinking about it was thinking that the value being provided was a signed value, which really doesn’t make any sense because it makes no sense to have a negative length on data. Data is always going to be an unsigned length. So, but just because the programmer’s used to typing INT, INT, INT, which stands for integer, which is inherently a signed value, instead of UINT, which is unsigned integer, if the programmer declared this value, suspected – or, sorry, expected that the value were going to be signed, or just didn’t think about it, then if somebody malicious declared the value to be -5, then when the programmer compares the length to the length that’s being declared for this URL to the buffer size he’s allocated, 1,000, you know, is -5 less than 1,000? Well, yes, it is, if it’s a signed value, because -5 is less than 1,000.