git Service of IN-Ulm e.V. Explore Help
Sign In
cbiedl
/
file
1
0
Fork 0
Files Pull Requests 0 Wiki
Tree: b873d01ff5
Branches Tags
file
/
debian
/
patches
/
cherry-pick.FILE5_30-52-gd8233d09.check-one-more-read-found-by-oss-fuzz.patch

cherry-pick.FILE5_30-52-gd8233d09.check-one-more-read-found-by-oss-fuzz.patch 794 B
History Raw

1234567891011121314151617181920212223 
  1. Subject: Check one more read (found by oss-fuzz)
    2. 

  2. Origin: FILE5_30-52-gd8233d09
    3. 

  3. Upstream-Author: Christos Zoulas <christos@zoulas.com>
    4. 

  4. Date: Fri Apr 28 15:03:47 2017 +0000
    5. 

  5. 

  6. --- a/src/cdf.c
    7. 

  7. +++ b/src/cdf.c
    8. 

  8. @@ -980,10 +980,14 @@
    9. 

  9.  		if ((q = cdf_get_property_info_pos(sst, h, p, e, i)) == NULL)
    10. 

  10.  			goto out;
    11. 

  11.  		inp[i].pi_id = CDF_GETUINT32(p, i << 1);
    12. 

  12. +		left = CAST(size_t, e - q);
    13. 

  13. +		if (left < sizeof(uint32_t)) {
    14. 

  14. +			DPRINTF(("short info (no type)_\n"));
    15. 

  15. +			goto out;
    16. 

  16. +		}
    17. 

  17.  		inp[i].pi_type = CDF_GETUINT32(q, 0);
    18. 

  18.  		DPRINTF(("%" SIZE_T_FORMAT "u) id=%x type=%x offs=0x%tx,0x%x\n",
    19. 

  19.  		    i, inp[i].pi_id, inp[i].pi_type, q - p, offs));
    20. 

  20. -		left = CAST(size_t, e - q);
    21. 

  21.  		if (inp[i].pi_type & CDF_VECTOR) {
    22. 

  22.  			if (left < sizeof(uint32_t) * 2) {
    23. 

  23.  				DPRINTF(("missing CDF_VECTOR length\n"));
    24.