diff options
author | Nikias Bassen | 2020-11-21 04:09:58 +0100 |
---|---|---|
committer | Nikias Bassen | 2020-11-21 04:09:58 +0100 |
commit | 8de732bdcc2a4d0c09baf6b5e32be30e91a6d335 (patch) | |
tree | bbd304d5b75b87a00411b44ea10ac13d5c5f28db | |
parent | 74425fec9103b5e79a352a1f4ca5a762758da032 (diff) | |
download | libplist-8de732bdcc2a4d0c09baf6b5e32be30e91a6d335.tar.gz libplist-8de732bdcc2a4d0c09baf6b5e32be30e91a6d335.tar.bz2 |
bplist: Fix offset table range check, don't rely on pointer overflow
-rw-r--r-- | src/bplist.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/bplist.c b/src/bplist.c index c3fc071..12963c4 100644 --- a/src/bplist.c +++ b/src/bplist.c @@ -837,7 +837,7 @@ PLIST_API void plist_from_bin(const char *plist_bin, uint32_t length, plist_t * return; } - if ((offset_table + offset_table_size < offset_table) || (offset_table + offset_table_size > end_data)) { + if (offset_table_size > (uint64_t)(end_data - offset_table)) { PLIST_BIN_ERR("offset table points outside of valid range\n"); return; } |