commit | 32ee5213fe64f1e10ec76c1ee861ee6f233120dd | |
---|---|---|
author | Nikias Bassen <nikias@gmx.li> | Fri Feb 10 13:42:46 2017 +0100 |
committer | Nikias Bassen <nikias@gmx.li> | Fri Feb 10 13:42:46 2017 +0100 |
tree | 5fa4d3413c92a5e2b4650689c46bf6a47c0b401a | |
parent | 72f7cf803635a127c63bcd37ab35ced28636410a | |

bplist: Fix data range check for string/data/dict/array nodes

Passing a size of 0xFFFFFFFFFFFFFFFF to parse_string_node() might result in a memcpy with a size of -1, leading to undefined behavior. This commit makes sure that the actual node data (which depends on the size) is in the range start_of_object..start_of_object+size.

Credit to OSS-Fuzz
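
The following is an added example, not code from this commit or from libplist. It shows one overflow-safe way to write the kind of range check the message describes, next to the naive form that a size of 0xFFFFFFFFFFFFFFFF defeats. `struct buf`, the function names and the sample bytes are all hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical parser state (not libplist's struct): the whole input buffer. */
struct buf { const uint8_t *data; size_t len; };

/* Constructed sample: one marker byte, the payload "test", three pad bytes. */
static const uint8_t sample[] = { 0x54, 't', 'e', 's', 't', 0, 0, 0 };
static const struct buf SAMPLE = { sample, sizeof sample };

/* Bug class: the sum wraps for a huge size, so the node looks in range. */
static int in_range_naive(const struct buf *b, uint64_t offset, uint64_t size)
{
    return offset + size <= b->len;
}

/* Safe form: never add; compare size with the bytes left after offset. */
static int in_range_safe(const struct buf *b, uint64_t offset, uint64_t size)
{
    if (offset > b->len)
        return 0;
    return size <= b->len - offset;
}

/* Returns a NUL-terminated copy of the node payload, or NULL if rejected. */
static char *copy_string_node(const struct buf *b, uint64_t offset, uint64_t size)
{
    char *s;
    if (!in_range_safe(b, offset, size) || size == SIZE_MAX)
        return NULL;              /* size == SIZE_MAX would wrap size + 1 */
    s = malloc((size_t)size + 1);
    if (!s)
        return NULL;
    memcpy(s, b->data + offset, (size_t)size);
    s[size] = '\0';
    return s;
}

int main(void)
{
    char *s = copy_string_node(&SAMPLE, 1, 4);
    printf("naive accepts UINT64_MAX: %d\n", in_range_naive(&SAMPLE, 1, UINT64_MAX));
    printf("safe accepts UINT64_MAX:  %d\n", in_range_safe(&SAMPLE, 1, UINT64_MAX));
    printf("payload: %s\n", s ? s : "(rejected)");
    free(s);
    return 0;
}
```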