summaryrefslogtreecommitdiffstats
path: root/src/oplist.c
diff options
context:
space:
mode:
authorGravatar Nikias Bassen2023-01-09 19:07:54 +0100
committerGravatar Nikias Bassen2023-01-09 19:07:54 +0100
commit5bdbd3fe620e66a65373524a0707909ca926a3a1 (patch)
tree5e429417afcc2720af40c102b9c3dfea7ece8738 /src/oplist.c
parent62b03b85a56a7b98e6eef237deeff1a8b41f8fb8 (diff)
downloadlibplist-5bdbd3fe620e66a65373524a0707909ca926a3a1.tar.gz
libplist-5bdbd3fe620e66a65373524a0707909ca926a3a1.tar.bz2
oplist: Fix OOB read by checking bounds properly
Credit to OSS-Fuzz
Diffstat (limited to 'src/oplist.c')
-rw-r--r--src/oplist.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/src/oplist.c b/src/oplist.c
index df12fb3..21d8a64 100644
--- a/src/oplist.c
+++ b/src/oplist.c
@@ -550,7 +550,7 @@ static void parse_dict_data(parse_ctx ctx, plist_t dict)
if (ctx->pos >= ctx->end) {
PLIST_OSTEP_ERR("EOF while parsing dictionary item at offset %ld\n", ctx->pos - ctx->start);
ctx->err++;
- break;
+ break;
}
val = NULL;
ctx->err = node_from_openstep(ctx, &val);
@@ -710,6 +710,11 @@ static int node_from_openstep(parse_ctx ctx, plist_t *plist)
}
ctx->pos++;
}
+ if (ctx->pos >= ctx->end) {
+ PLIST_OSTEP_ERR("EOF while parsing quoted string at offset %ld\n", ctx->pos - ctx->start);
+ ctx->err++;
+ goto err_out;
+ }
if (*ctx->pos != c) {
plist_free_data(data);
PLIST_OSTEP_ERR("Missing closing quote (%c) at offset %ld\n", c, ctx->pos - ctx->start);