From 7d2cdc6f378f1d6d5631b7739398dd50bea62663 Mon Sep 17 00:00:00 2001
From: Nikias Bassen
Date: Fri, 11 Feb 2022 19:14:23 +0100
Subject: jplist: Fix OOB read by using correct bounds check Credit to OSS-Fuzz
---
src/jplist.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/jplist.c')
diff --git a/src/jplist.c b/src/jplist.c
index e965870..978c5f9 100644
--- a/src/jplist.c
+++ b/src/jplist.c
@@ -484,7 +484,7 @@ static plist_t parse_primitive(const char* js, jsmntok_info_t* ti, int* index)
 plist_data_t data = plist_new_plist_data();
 data->type = PLIST_NULL;
 val = plist_new_node(data);
- } else if (isdigit(str_val[0]) || (str_val[0] == '-' && str_end > str_val && isdigit(str_val[1]))) {
+ } else if (isdigit(str_val[0]) || (str_val[0] == '-' && str_val+1 < str_end && isdigit(str_val[1]))) {
 char* endp = (char*)str_val;
 int64_t intpart = parse_decimal(str_val, str_end, &endp);
 if (endp >= str_end) {
-- cgit v1.1-32-gdbae
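Review bot: Both `isdigit()` calls in the rewritten condition are handed a plain `char`, which is undefined behaviour for a negative value where `char` is signed; since this path is reached by fuzzed JSON, I would cast at the call sites: `isdigit((unsigned char)str_val[0])` and `isdigit((unsigned char)str_val[1])`. Whether a byte above 0x7F can actually get this far depends on what the tokenizer accepts, which is not visible in the hunk. The new `str_val+1 < str_end` test does keep index 1 inside the token, assuming `str_end` points one past its last byte, and a short comment stating that, e.g. `/* str_end is one past the token; [1] is readable only if str_val+1 < str_end */`, would help keep the check from being loosened again. parse_primitive starts and ends outside the hunk, so the non-empty-token assumption behind the unguarded `str_val[0]` read could not be confirmed here.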