commit | 8de732bdcc2a4d0c09baf6b5e32be30e91a6d335 | [log] [tgz] |
---|---|---|
author | Nikias Bassen <nikias@gmx.li> | Sat Nov 21 04:09:58 2020 +0100 |
committer | Nikias Bassen <nikias@gmx.li> | Sat Nov 21 04:09:58 2020 +0100 |
tree | bbd304d5b75b87a00411b44ea10ac13d5c5f28db | |
parent | 74425fec9103b5e79a352a1f4ca5a762758da032 [diff] |
bplist: Fix offset table range check, don't rely on pointer overflow
diff --git a/src/bplist.c b/src/bplist.c index c3fc071..12963c4 100644 --- a/src/bplist.c +++ b/src/bplist.c
@@ -837,7 +837,7 @@ return; } - if ((offset_table + offset_table_size < offset_table) || (offset_table + offset_table_size > end_data)) { + if (offset_table_size > (uint64_t)(end_data - offset_table)) { PLIST_BIN_ERR("offset table points outside of valid range\n"); return; }