[libbdplus-devel] Fix possible integer overflow
anonymous
git at videolan.org
Thu Mar 16 14:59:31 CET 2017
libbdplus | branch: master | anonymous <anonymous at anonymous.org> | Thu Mar 16 15:50:35 2017 +0200| [a9082605928e5694d47ebf3fdcb95ba8aba57f83] | committer: anonymous
Fix possible integer overflow
> http://git.videolan.org/gitweb.cgi/libbdplus.git/?a=commit;h=a9082605928e5694d47ebf3fdcb95ba8aba57f83
---
src/libbdplus/bdsvm/diff.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/libbdplus/bdsvm/diff.c b/src/libbdplus/bdsvm/diff.c
index d3713b4..b60d9df 100644
--- a/src/libbdplus/bdsvm/diff.c
+++ b/src/libbdplus/bdsvm/diff.c
@@ -209,7 +209,10 @@ uint32_t diff_hashdb_load(uint8_t *hashname, uint8_t *fname, uint64_t offset,
str_print_hex(str, sha_hdr.digest, sizeof(digest)));
sha_hdr.next = FETCH4((uint8_t *)&sha_hdr.next);
-
+ if (sha_hdr.next < sizeof(sha_hdr.len)) {
+ BD_DEBUG(DBG_BDPLUS,"[diff] invalid data in hash_db.bin\n");
+ break;
+ }
if (!memcmp(digest, sha_hdr.digest, sizeof(digest))) {
// Found the digest we are looking for
sha_hdr.len = FETCH4((uint8_t *)&sha_hdr.len);
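Review bot: The new guard bounds `sha_hdr.next` only from below; `sha_hdr.len`, converted from the same untrusted hash_db.bin record on the last line of the hunk, is not validated in the visible lines, and neither is an upper limit on `next`. If `next` counts the bytes that follow it in the record, as the comparison with `sizeof(sha_hdr.len)` suggests, a check such as `if (sha_hdr.len > sha_hdr.next - sizeof(sha_hdr.len)) break;` right after the `FETCH4` of `len` would keep a crafted length from exceeding its record. The guard would also benefit from a comment stating what it protects, e.g. `/* next must cover the len field, otherwise unsigned arithmetic on it wraps */`, presumably a subtraction further down. The body of diff_hashdb_load starts and ends outside the hunk, so how `len` and `next` are used afterwards and what the function returns after `break` should be confirmed there.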