summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGravatar Nikias Bassen2020-11-21 04:09:58 +0100
committerGravatar Nikias Bassen2020-11-21 04:09:58 +0100
commit8de732bdcc2a4d0c09baf6b5e32be30e91a6d335 (patch)
treebbd304d5b75b87a00411b44ea10ac13d5c5f28db
parent74425fec9103b5e79a352a1f4ca5a762758da032 (diff)
downloadlibplist-8de732bdcc2a4d0c09baf6b5e32be30e91a6d335.tar.gz
libplist-8de732bdcc2a4d0c09baf6b5e32be30e91a6d335.tar.bz2
bplist: Fix offset table range check, don't rely on pointer overflow
-rw-r--r--src/bplist.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/bplist.c b/src/bplist.c
index c3fc071..12963c4 100644
--- a/src/bplist.c
+++ b/src/bplist.c
@@ -837,7 +837,7 @@ PLIST_API void plist_from_bin(const char *plist_bin, uint32_t length, plist_t *
return;
}
- if ((offset_table + offset_table_size < offset_table) || (offset_table + offset_table_size > end_data)) {
+ if (offset_table_size > (uint64_t)(end_data - offset_table)) {
PLIST_BIN_ERR("offset table points outside of valid range\n");
return;
}