diff options
author | Nikias Bassen | 2023-04-21 12:10:20 +0200 |
---|---|---|
committer | Nikias Bassen | 2023-04-21 12:10:20 +0200 |
commit | 581db7f8215387cd722b9f06a5afbd4df9617072 (patch) | |
tree | d5b8515a69cca924d87e150ac2b0af97bc3781d8 /src/bplist.c | |
parent | 3fdb11126928717007127688f55a5fffa8a59ac9 (diff) | |
download | libplist-581db7f8215387cd722b9f06a5afbd4df9617072.tar.gz libplist-581db7f8215387cd722b9f06a5afbd4df9617072.tar.bz2 |
bplist: Fix offset range check
Credit to OSS-Fuzz
Diffstat (limited to 'src/bplist.c')
-rw-r--r-- | src/bplist.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/bplist.c b/src/bplist.c index d29d499..e9b71eb 100644 --- a/src/bplist.c +++ b/src/bplist.c @@ -748,7 +748,7 @@ static plist_t parse_bin_node_at_index(struct bplist_data *bplist, uint32_t node ptr = bplist->data + UINT_TO_HOST(idx_ptr, bplist->offset_size); /* make sure the node offset is in a sane range */ - if ((ptr < bplist->data) || (ptr >= bplist->offset_table)) { + if ((ptr < bplist->data+BPLIST_MAGIC_SIZE+BPLIST_VERSION_SIZE) || (ptr >= bplist->offset_table)) { PLIST_BIN_ERR("offset for node index %u points outside of valid range\n", node_index); return NULL; } |