bplist: Fix offset range check

Credit to OSS-Fuzz
author: Nikias Bassen 2023-04-21 12:10:20 +0200
committer: Nikias Bassen 2023-04-21 12:10:20 +0200
commit: 581db7f8215387cd722b9f06a5afbd4df9617072 (patch)
tree: d5b8515a69cca924d87e150ac2b0af97bc3781d8
parent: 3fdb11126928717007127688f55a5fffa8a59ac9 (diff)
download: libplist-581db7f8215387cd722b9f06a5afbd4df9617072.tar.gz
libplist-581db7f8215387cd722b9f06a5afbd4df9617072.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/bplist.c b/src/bplist.c
index d29d499..e9b71eb 100644
--- a/src/bplist.c
+++ b/src/bplist.c
@@ -748,7 +748,7 @@ static plist_t parse_bin_node_at_index(struct bplist_data *bplist, uint32_t node
 
     ptr = bplist->data + UINT_TO_HOST(idx_ptr, bplist->offset_size);
     /* make sure the node offset is in a sane range */
-    if ((ptr < bplist->data) || (ptr >= bplist->offset_table)) {
+    if ((ptr < bplist->data+BPLIST_MAGIC_SIZE+BPLIST_VERSION_SIZE) || (ptr >= bplist->offset_table)) {
         PLIST_BIN_ERR("offset for node index %u points outside of valid range\n", node_index);
         return NULL;
     }
author	Nikias Bassen	2023-04-21 12:10:20 +0200
committer	Nikias Bassen	2023-04-21 12:10:20 +0200
commit	581db7f8215387cd722b9f06a5afbd4df9617072 (patch)
tree	d5b8515a69cca924d87e150ac2b0af97bc3781d8
parent	3fdb11126928717007127688f55a5fffa8a59ac9 (diff)
download	libplist-581db7f8215387cd722b9f06a5afbd4df9617072.tar.gz libplist-581db7f8215387cd722b9f06a5afbd4df9617072.tar.bz2