bplist: Fix offset table range check, don't rely on pointer overflow

commit: 8de732bdcc2a4d0c09baf6b5e32be30e91a6d335 [log] [tgz]
author: Nikias Bassen <nikias@gmx.li> Sat Nov 21 04:09:58 2020 +0100
committer: Nikias Bassen <nikias@gmx.li> Sat Nov 21 04:09:58 2020 +0100
tree: bbd304d5b75b87a00411b44ea10ac13d5c5f28db
parent: 74425fec9103b5e79a352a1f4ca5a762758da032 [diff]
diff --git a/src/bplist.c b/src/bplist.c
index c3fc071..12963c4 100644
--- a/src/bplist.c
+++ b/src/bplist.c

@@ -837,7 +837,7 @@
         return;
     }
 
-    if ((offset_table + offset_table_size < offset_table) || (offset_table + offset_table_size > end_data)) {
+    if (offset_table_size > (uint64_t)(end_data - offset_table)) {
         PLIST_BIN_ERR("offset table points outside of valid range\n");
         return;
     }
commit	8de732bdcc2a4d0c09baf6b5e32be30e91a6d335	[log] [tgz]
author	Nikias Bassen <nikias@gmx.li>	Sat Nov 21 04:09:58 2020 +0100
committer	Nikias Bassen <nikias@gmx.li>	Sat Nov 21 04:09:58 2020 +0100
tree	bbd304d5b75b87a00411b44ea10ac13d5c5f28db
parent	74425fec9103b5e79a352a1f4ca5a762758da032 [diff]