jplist: Fix OOB read by using correct bounds check

Credit to OSS-Fuzz
author: Nikias Bassen 2022-02-11 19:14:23 +0100
committer: Nikias Bassen 2022-02-11 19:14:23 +0100
commit: 7d2cdc6f378f1d6d5631b7739398dd50bea62663 (patch)
tree: 74cc07e0ccf055583ce48eaaafb8f372e3cdb0c3
parent: c035c6bcea282fb31c08eddae73b16fb8e5543f0 (diff)
download: libplist-7d2cdc6f378f1d6d5631b7739398dd50bea62663.tar.gz
libplist-7d2cdc6f378f1d6d5631b7739398dd50bea62663.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/jplist.c b/src/jplist.c
index e965870..978c5f9 100644
--- a/src/jplist.c
+++ b/src/jplist.c
@@ -484,7 +484,7 @@ static plist_t parse_primitive(const char* js, jsmntok_info_t* ti, int* index)
         plist_data_t data = plist_new_plist_data();
         data->type = PLIST_NULL;
         val = plist_new_node(data);
-    } else if (isdigit(str_val[0]) || (str_val[0] == '-' && str_end > str_val && isdigit(str_val[1]))) {
+    } else if (isdigit(str_val[0]) || (str_val[0] == '-' && str_val+1 < str_end && isdigit(str_val[1]))) {
         char* endp = (char*)str_val;
         int64_t intpart = parse_decimal(str_val, str_end, &endp);
         if (endp >= str_end) {
author	Nikias Bassen	2022-02-11 19:14:23 +0100
committer	Nikias Bassen	2022-02-11 19:14:23 +0100
commit	7d2cdc6f378f1d6d5631b7739398dd50bea62663 (patch)
tree	74cc07e0ccf055583ce48eaaafb8f372e3cdb0c3
parent	c035c6bcea282fb31c08eddae73b16fb8e5543f0 (diff)
download	libplist-7d2cdc6f378f1d6d5631b7739398dd50bea62663.tar.gz libplist-7d2cdc6f378f1d6d5631b7739398dd50bea62663.tar.bz2