32ee5213fe64f1e10ec76c1ee861ee6f233120dd - third_party/libplist

commit	32ee5213fe64f1e10ec76c1ee861ee6f233120dd	[log] [tgz]
author	Nikias Bassen <nikias@gmx.li>	Fri Feb 10 13:42:46 2017 +0100
committer	Nikias Bassen <nikias@gmx.li>	Fri Feb 10 13:42:46 2017 +0100
tree	5fa4d3413c92a5e2b4650689c46bf6a47c0b401a
parent	72f7cf803635a127c63bcd37ab35ced28636410a [diff]

bplist: Fix data range check for string/data/dict/array nodes

Passing a size of 0xFFFFFFFFFFFFFFFF to parse_string_node() might result
in a memcpy with a size of -1, leading to undefined behavior.
This commit makes sure that the actual node data (which depends on the size)
is in the range start_of_object..start_of_object+size.

Credit to OSS-Fuzz

src/bplist.c[diff]

1 file changed

tree: 5fa4d3413c92a5e2b4650689c46bf6a47c0b401a

cython/
include/
libcnary/
m4/
src/
test/
tools/
.gitignore
AUTHORS
autogen.sh
configure.ac
COPYING
COPYING.LESSER
doxygen.cfg.in
Makefile.am
NEWS
README