diff options
author | Nikias Bassen | 2022-02-11 19:14:23 +0100 |
---|---|---|
committer | Nikias Bassen | 2022-02-11 19:14:23 +0100 |
commit | 7d2cdc6f378f1d6d5631b7739398dd50bea62663 (patch) | |
tree | 74cc07e0ccf055583ce48eaaafb8f372e3cdb0c3 | |
parent | c035c6bcea282fb31c08eddae73b16fb8e5543f0 (diff) | |
download | libplist-7d2cdc6f378f1d6d5631b7739398dd50bea62663.tar.gz libplist-7d2cdc6f378f1d6d5631b7739398dd50bea62663.tar.bz2 |
jplist: Fix OOB read by using correct bounds check
Credit to OSS-Fuzz
-rw-r--r-- | src/jplist.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/jplist.c b/src/jplist.c index e965870..978c5f9 100644 --- a/src/jplist.c +++ b/src/jplist.c @@ -484,7 +484,7 @@ static plist_t parse_primitive(const char* js, jsmntok_info_t* ti, int* index) plist_data_t data = plist_new_plist_data(); data->type = PLIST_NULL; val = plist_new_node(data); - } else if (isdigit(str_val[0]) || (str_val[0] == '-' && str_end > str_val && isdigit(str_val[1]))) { + } else if (isdigit(str_val[0]) || (str_val[0] == '-' && str_val+1 < str_end && isdigit(str_val[1]))) { char* endp = (char*)str_val; int64_t intpart = parse_decimal(str_val, str_end, &endp); if (endp >= str_end) { |