| 12345678910111213141516 |
- Subject: Off-by-one reading offset (found by oss-fuzz)
- Origin: FILE5_30-56-g6623a8e0 <https://github.com/file/file/commit/FILE5_30-56-g6623a8e0>
- Upstream-Author: Christos Zoulas <christos@zoulas.com>
- Date: Sun Apr 30 17:05:02 2017 +0000
- --- a/src/cdf.c
- +++ b/src/cdf.c
- @@ -861,7 +861,7 @@
- DPRINTF(("Past end %p < %p\n", e, p));
- return NULL;
- }
- - if (cdf_check_stream_offset(sst, h, p, tail * sizeof(uint32_t),
- + if (cdf_check_stream_offset(sst, h, p, (tail + 1) * sizeof(uint32_t),
- __LINE__) == -1)
- return NULL;
- ofs = CDF_GETUINT32(p, tail);
|
