| author | 2023-01-17 01:26:58 +0100 | |
|---|---|---|
| committer | 2023-01-17 01:26:58 +0100 | |
| commit | 85f5cbd3705b34fcc52009ca51d8167ab18764fa (patch) | |
| tree | 17184b2653fbedb291101b40f8593a8aa94d32b2 /src | |
| parent | f31ab3835bb4bf8e574e9920ef9f17359163cbd3 (diff) | |
oplist: Fix another OOB read
Credit to OSS-Fuzz
Diffstat (limited to 'src')
| -rw-r--r-- | src/oplist.c | 7 | 
1 files changed, 7 insertions, 0 deletions
|
diff --git a/src/oplist.c b/src/oplist.c
index 8936cce..4dd0df5 100644
--- a/src/oplist.c
+++ b/src/oplist.c
@@ -715,6 +715,13 @@ static int node_from_openstep(parse_ctx ctx, plist_t *plist)
                 plist_free_data(data);
                 goto err_out;
             }
+            if (ctx->pos >= ctx->end) {
+                byte_array_free(bytes);
+                plist_free_data(data);
+                PLIST_OSTEP_ERR("EOF while parsing data terminator '>' at offset %ld\n", ctx->pos - ctx->start);
+                ctx->err++;
+                goto err_out;
+            }
             if (*ctx->pos != '>') {
                 byte_array_free(bytes);
                 plist_free_data(data);
|
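Review bot: The error message in the new `ctx->pos >= ctx->end` branch passes `ctx->pos - ctx->start` to a `%ld` conversion. If both fields are pointers (the `*ctx->pos` dereference just below suggests they are), the difference is a `ptrdiff_t`, which is not `long` on LLP64 targets. Assuming `PLIST_OSTEP_ERR` forwards to a printf-style function, the line should read `PLIST_OSTEP_ERR("EOF while parsing data terminator '>' at offset %td\n", ctx->pos - ctx->start);` or cast the argument to `long`. The new branch also repeats the `byte_array_free(bytes); plist_free_data(data); ... goto err_out;` cleanup that appears in the branches directly before and after it, so a shared cleanup label would make it harder for a later end-of-input check to miss one of the frees. node_from_openstep begins and ends outside this hunk, so whether its other `*ctx->pos` reads are bounded against `ctx->end` in the same way cannot be confirmed from here.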
