tools: Fix heap buffer overflow in ideviceimagemounter

author: Nikias Bassen 2024-07-01 18:27:27 +0200
committer: Nikias Bassen 2024-07-01 18:27:27 +0200
commit: 2a0a6d57df3791419dfcda070d9ba6189f518bd5 (patch)
tree: 417d2e7d5d032f54d4d176c0e21ca009be1380a0
parent: d1a98e0910959fbdb3357461debfbf8a1df96945 (diff)
download: libimobiledevice-2a0a6d57df3791419dfcda070d9ba6189f518bd5.tar.gz
libimobiledevice-2a0a6d57df3791419dfcda070d9ba6189f518bd5.tar.bz2
1 files changed, 5 insertions, 2 deletions
diff --git a/tools/ideviceimagemounter.c b/tools/ideviceimagemounter.c
index 52b0666..511583e 100644
--- a/tools/ideviceimagemounter.c
+++ b/tools/ideviceimagemounter.c
@@ -377,8 +377,11 @@ int main(int argc, char **argv)
                                fprintf(stderr, "Error opening signature file '%s': %s\n", image_sig_path, strerror(errno));
                                goto leave;
                        }
-                        fstat(fileno(f), &fst);
+                        if (fstat(fileno(f), &fst) != 0) {
-                        sig = malloc(sig_length);
+                                fprintf(stderr, "Error: fstat: %s\n", strerror(errno));
+                                goto leave;
+                        }
+                        sig = malloc(fst.st_size);
                        sig_length = fread(sig, 1, fst.st_size, f);
                        fclose(f);
                        if (sig_length == 0) {
author	Nikias Bassen	2024-07-01 18:27:27 +0200
committer	Nikias Bassen	2024-07-01 18:27:27 +0200
commit	2a0a6d57df3791419dfcda070d9ba6189f518bd5 (patch)
tree	417d2e7d5d032f54d4d176c0e21ca009be1380a0
parent	d1a98e0910959fbdb3357461debfbf8a1df96945 (diff)
download	libimobiledevice-2a0a6d57df3791419dfcda070d9ba6189f518bd5.tar.gz libimobiledevice-2a0a6d57df3791419dfcda070d9ba6189f518bd5.tar.bz2