git Service of IN-Ulm e.V. Explore Help
Sign In
cbiedl
/
file
1
0
Fork 0
Files Pull Requests 0 Wiki
Tree: c88f1dc4b9
Branches Tags
file
/
debian
/
patches
/
cherry-pick.FILE5_30-42-gf0bcdd07.dont-try-to-read-past-the-end-of-the-properties-found-by-oss-fuzz.patch

cherry-pick.FILE5_30-42-gf0bcdd07.dont-try-to-read-past-the-end-of-the-properties-found-by-oss-fuzz.patch 842 B
History Raw

123456789101112131415161718192021222324252627 
  1. Subject: Don't try to read past the end of the properties, found by oss-fuzz
    2. 

  2. Origin: FILE5_30-42-gf0bcdd07
    3. 

  3. Upstream-Author: Christos Zoulas <christos@zoulas.com>
    4. 

  4. Date: Sat Apr 8 20:38:46 2017 +0000
    5. 

  5. 

  6. --- a/src/cdf.c
    7. 

  7. +++ b/src/cdf.c
    8. 

  8. @@ -835,6 +835,10 @@
    9. 

  9.  	size_t ofs;
    10. 

  10.  	const uint8_t *q;
    11. 

  11.  
    12. 

  12. +	if (p >= e) {
    13. 

  13. +		DPRINTF(("Past end %p < %p\n", e, p));
    14. 

  14. +		return NULL;
    15. 

  15. +	}
    16. 

  16.  	if (cdf_check_stream_offset(sst, h, p, tail * sizeof(uint32_t),
    17. 

  17.  	    __LINE__) == -1)
    18. 

  18.  		return NULL;
    19. 

  19. @@ -945,7 +949,7 @@
    20. 

  20.  	*count += sh.sh_properties;
    21. 

  21.  	p = CAST(const uint8_t *, cdf_offset(sst->sst_tab, offs + sizeof(sh)));
    22. 

  22.  	e = CAST(const uint8_t *, cdf_offset(shp, sh.sh_len));
    23. 

  23. -	if (cdf_check_stream_offset(sst, h, e, 0, __LINE__) == -1)
    24. 

  24. +	if (p >= e || cdf_check_stream_offset(sst, h, e, 0, __LINE__) == -1)
    25. 

  25.  		goto out;
    26. 

  26.  
    27. 

  27.  	for (i = 0; i < sh.sh_properties; i++) {
    28.