[libbluray-devel] Fix possible OOB read in _parse_dir() (corrupt input)
Petri Hintukainen
git at videolan.org
Sun Jun 11 16:42:49 CEST 2017
libudfread | branch: master | Petri Hintukainen <phintuka at gmail.com> | Sun Jun 11 17:36:09 2017 +0300| [1867c47e8e2d55e9a47a86db6e0ade82ee480a6a] | committer: Petri Hintukainen
Fix possible OOB read in _parse_dir() (corrupt input)
> http://git.videolan.org/gitweb.cgi/libudfread.git/?a=commit;h=1867c47e8e2d55e9a47a86db6e0ade82ee480a6a
---
src/udfread.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/udfread.c b/src/udfread.c
index 173cddf..f10b7be 100644
--- a/src/udfread.c
+++ b/src/udfread.c
@@ -890,7 +890,11 @@ static int _parse_dir(const uint8_t *data, uint32_t length, struct udf_dir *dir)
const uint8_t *end = data + length;
int tag_id;
- while (p < end) {
+ if (length < 16) {
+ return 0;
+ }
+
+ while (p < end - 16) {
size_t used;
tag_id = decode_descriptor_tag(p);
More information about the libbluray-devel
mailing list