diff options
author | Martin Matuska <martin@matuska.org> | 2022-03-30 21:14:00 +0200 |
---|---|---|
committer | Martin Matuska <martin@matuska.org> | 2022-03-30 23:41:14 +0200 |
commit | 9ad5f077491b9536f01dadca1724385c39cd7613 (patch) | |
tree | d719332ec3762332baa5e305946ce0ab541e8396 | |
parent | cfaa28168a07ea4a53276b63068f94fce37d6aff (diff) | |
download | libarchive-9ad5f077491b9536f01dadca1724385c39cd7613.tar.gz |
ISO reader: fix possible heap buffer overflow in read_children()
OSS-Fuzz issue: 38764
Fixes #1685
-rw-r--r-- | libarchive/archive_read_support_format_iso9660.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/libarchive/archive_read_support_format_iso9660.c b/libarchive/archive_read_support_format_iso9660.c index db14d41d..cd7f92f4 100644 --- a/libarchive/archive_read_support_format_iso9660.c +++ b/libarchive/archive_read_support_format_iso9660.c @@ -1007,7 +1007,8 @@ read_children(struct archive_read *a, struct file_info *parent) p = b; b += iso9660->logical_block_size; step -= iso9660->logical_block_size; - for (; *p != 0 && p < b && p + *p <= b; p += *p) { + for (; *p != 0 && p + DR_name_offset < b && p + *p <= b; + p += *p) { struct file_info *child; /* N.B.: these special directory identifiers |