authorGravatar Nikias Bassen2023-01-13 21:29:26 +0100
committerGravatar Nikias Bassen2023-01-13 21:29:26 +0100
commit47a7fbe438ee7350a2b151e007f07043ef596775 (patch)
tree80b1e3423c48fe1cc57d01e787bff5627f6a7052
parentdb306bf37323e7425d761cd67e1bcf46c367b1c0 (diff)
downloadlibplist-47a7fbe438ee7350a2b151e007f07043ef596775.tar.gz
libplist-47a7fbe438ee7350a2b151e007f07043ef596775.tar.bz2
oplist: Fix another OOB read
Credit to OSS-Fuzz
-rw-r--r--fuzz/oplist-crashes/clusterfuzz-testcase-minimized-oplist_fuzzer-45038154058301441
-rw-r--r--src/oplist.c3
2 files changed, 4 insertions, 0 deletions
diff --git a/fuzz/oplist-crashes/clusterfuzz-testcase-minimized-oplist_fuzzer-4503815405830144 b/fuzz/oplist-crashes/clusterfuzz-testcase-minimized-oplist_fuzzer-4503815405830144
new file mode 100644
index 0000000..11496c4
--- /dev/null
+++ b/fuzz/oplist-crashes/clusterfuzz-testcase-minimized-oplist_fuzzer-4503815405830144
@@ -0,0 +1 @@
+"3ÿÿÿÿ"= /// hÐo/**5/*(*///6/*/#o/,{Å \ No newline at end of file
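--- a/src/oplist.c
+++ b/src/oplist.c
@@ -508,6 +508,9 @@ static void parse_skip_ws(parse_ctx ctx)
 ctx->pos++;
 }
 }
+ if (ctx->pos >= ctx->end) {
+ break;
+ }
 }
 // break on any char that's not white space
 if (!(((*(ctx->pos) == ' ') || (*(ctx->pos) == '\t') || (*(ctx->pos) == '\r') || (*(ctx->pos) == '\n')))) {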
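Review bot: The new bound check protects the dereference of `*(ctx->pos)` two lines below only for the branch it sits in; any other branch inside the same loop body that advances ctx->pos up to ctx->end (the loop header and the rest of parse_skip_ws are outside this hunk, so I cannot tell whether such a branch exists) would still reach that read unguarded. A more robust placement is at the point of use, `if (ctx->pos >= ctx->end) { break; }` directly before the `// break on any char that's not white space` comment, so every path through the loop body is covered and a future branch cannot reintroduce the over-read. The added block would also read better with a why-comment, `// the comment ran to the end of the buffer: stop before reading *ctx->pos`, since the bare test otherwise looks like an ordinary loop condition. Adding the minimized fuzzer input under fuzz/oplist-crashes as a regression case is the right complement to the fix.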