From 581db7f8215387cd722b9f06a5afbd4df9617072 Mon Sep 17 00:00:00 2001
From: Nikias Bassen
Date: Fri, 21 Apr 2023 12:10:20 +0200
Subject: bplist: Fix offset range check

Credit to OSS-Fuzz
---
 src/bplist.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/bplist.c b/src/bplist.c
index d29d499..e9b71eb 100644
--- a/src/bplist.c
+++ b/src/bplist.c
@@ -748,7 +748,7 @@ static plist_t parse_bin_node_at_index(struct bplist_data *bplist, uint32_t node
 ptr = bplist->data + UINT_TO_HOST(idx_ptr, bplist->offset_size);
 /* make sure the node offset is in a sane range */
-if ((ptr < bplist->data) || (ptr >= bplist->offset_table)) {
+if ((ptr < bplist->data+BPLIST_MAGIC_SIZE+BPLIST_VERSION_SIZE) || (ptr >= bplist->offset_table)) {
 PLIST_BIN_ERR("offset for node index %u points outside of valid range\n", node_index);
 return NULL;
 }
-- 
cgit v1.1-32-gdbae
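Review bot: The tightened lower bound still validates the offset only after `ptr = bplist->data + UINT_TO_HOST(idx_ptr, bplist->offset_size)` has been formed, so an attacker-controlled offset that lands outside the buffer already produces out-of-bounds pointer arithmetic (undefined behaviour in C) before the `ptr >= bplist->offset_table` comparison runs, and with a wide offset_size the addition can wrap to an address that passes both checks. Compare the integer offset against the buffer before deriving the pointer, assuming UINT_TO_HOST yields an unsigned integer: `uint64_t off = UINT_TO_HOST(idx_ptr, bplist->offset_size);` then `if (off < BPLIST_MAGIC_SIZE + BPLIST_VERSION_SIZE || off >= (uint64_t)(bplist->offset_table - bplist->data)) { PLIST_BIN_ERR(...); return NULL; }` and only afterwards `ptr = bplist->data + off;`. A short comment on the check would help future readers, e.g. `/* offset must land past the header and before the offset table; compare as integers so no out-of-range pointer is ever formed */`. parse_bin_node_at_index begins before and continues after this hunk, so the earlier validation of idx_ptr and offset_table cannot be seen here.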