summaryrefslogtreecommitdiffstats
path: root/fuzz/xplist-crashes/clusterfuzz-testcase-6482601374121984
diff options
context:
space:
mode:
authorGravatar Nikias Bassen2017-02-10 13:42:46 +0100
committerGravatar Nikias Bassen2017-02-10 13:42:46 +0100
commit32ee5213fe64f1e10ec76c1ee861ee6f233120dd (patch)
tree5fa4d3413c92a5e2b4650689c46bf6a47c0b401a /fuzz/xplist-crashes/clusterfuzz-testcase-6482601374121984
parent72f7cf803635a127c63bcd37ab35ced28636410a (diff)
downloadlibplist-32ee5213fe64f1e10ec76c1ee861ee6f233120dd.tar.gz
libplist-32ee5213fe64f1e10ec76c1ee861ee6f233120dd.tar.bz2
bplist: Fix data range check for string/data/dict/array nodes
Passing a size of 0xFFFFFFFFFFFFFFFF to parse_string_node() might result in a memcpy with a size of -1, leading to undefined behavior. This commit makes sure that the actual node data (which depends on the size) is in the range start_of_object..start_of_object+size. Credit to OSS-Fuzz
Diffstat (limited to 'fuzz/xplist-crashes/clusterfuzz-testcase-6482601374121984')
0 files changed, 0 insertions, 0 deletions