Subject: Check one more read (found by oss-fuzz)
Origin: FILE5_30-52-gd8233d09
Upstream-Author: Christos Zoulas
Date: Fri Apr 28 15:03:47 2017 +0000
--- a/src/cdf.c
+++ b/src/cdf.c
@@ -980,10 +980,14 @@
 if ((q = cdf_get_property_info_pos(sst, h, p, e, i)) == NULL)
 goto out;
 inp[i].pi_id = CDF_GETUINT32(p, i << 1);
+ left = CAST(size_t, e - q);
+ if (left < sizeof(uint32_t)) {
+ DPRINTF(("short info (no type)_\n"));
+ goto out;
+ }
 inp[i].pi_type = CDF_GETUINT32(q, 0);
 DPRINTF(("%" SIZE_T_FORMAT "u) id=%x type=%x offs=0x%tx,0x%x\n",
 i, inp[i].pi_id, inp[i].pi_type, q - p, offs));
- left = CAST(size_t, e - q);
 if (inp[i].pi_type & CDF_VECTOR) {
 if (left < sizeof(uint32_t) * 2) {
 DPRINTF(("missing CDF_VECTOR length\n"));
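Review bot: The new guard `left < sizeof(uint32_t)` only protects the `CDF_GETUINT32(q, 0)` read if `q <= e` already holds, because `CAST(size_t, e - q)` turns a negative difference into a very large `left` that passes the check. Whether `cdf_get_property_info_pos()` rejects a `q` past `e` is not visible in this hunk, so the invariant should be stated where `left` is computed, e.g. `/* q is within [p, e] here (checked by cdf_get_property_info_pos), so e - q is non-negative */`. If that guarantee does not hold, the condition should be `if (q > e || left < sizeof(uint32_t)) {`. The debug string `"short info (no type)_\n"` also carries a stray underscore before the newline. The enclosing loop and function start and end outside the hunk, so the `out` cleanup path could not be checked.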