From 7d2cdc6f378f1d6d5631b7739398dd50bea62663 Mon Sep 17 00:00:00 2001
From: Nikias Bassen
Date: Fri, 11 Feb 2022 19:14:23 +0100
Subject: jplist: Fix OOB read by using correct bounds check

Credit to OSS-Fuzz
---
 src/jplist.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/jplist.c b/src/jplist.c
index e965870..978c5f9 100644
--- a/src/jplist.c
+++ b/src/jplist.c
@@ -484,7 +484,7 @@ static plist_t parse_primitive(const char* js, jsmntok_info_t* ti, int* index)
         plist_data_t data = plist_new_plist_data();
         data->type = PLIST_NULL;
         val = plist_new_node(data);
-    } else if (isdigit(str_val[0]) || (str_val[0] == '-' && str_end > str_val && isdigit(str_val[1]))) {
+    } else if (isdigit(str_val[0]) || (str_val[0] == '-' && str_val+1 < str_end && isdigit(str_val[1]))) {
         char* endp = (char*)str_val;
         int64_t intpart = parse_decimal(str_val, str_end, &endp);
         if (endp >= str_end) {
-- 
cgit v1.1-32-gdbae