diff options
author | Nikias Bassen | 2024-07-01 18:27:27 +0200 |
---|---|---|
committer | Nikias Bassen | 2024-07-01 18:27:27 +0200 |
commit | 2a0a6d57df3791419dfcda070d9ba6189f518bd5 (patch) | |
tree | 417d2e7d5d032f54d4d176c0e21ca009be1380a0 /tools | |
parent | d1a98e0910959fbdb3357461debfbf8a1df96945 (diff) | |
download | libimobiledevice-2a0a6d57df3791419dfcda070d9ba6189f518bd5.tar.gz libimobiledevice-2a0a6d57df3791419dfcda070d9ba6189f518bd5.tar.bz2 |
tools: Fix heap buffer overflow in ideviceimagemounter
Diffstat (limited to 'tools')
-rw-r--r-- | tools/ideviceimagemounter.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/tools/ideviceimagemounter.c b/tools/ideviceimagemounter.c index 52b0666..511583e 100644 --- a/tools/ideviceimagemounter.c +++ b/tools/ideviceimagemounter.c @@ -377,8 +377,11 @@ int main(int argc, char **argv) fprintf(stderr, "Error opening signature file '%s': %s\n", image_sig_path, strerror(errno)); goto leave; } - fstat(fileno(f), &fst); - sig = malloc(sig_length); + if (fstat(fileno(f), &fst) != 0) { + fprintf(stderr, "Error: fstat: %s\n", strerror(errno)); + goto leave; + } + sig = malloc(fst.st_size); sig_length = fread(sig, 1, fst.st_size, f); fclose(f); if (sig_length == 0) { |