diff options
| author |  Nikias Bassen | 2017-02-09 23:06:13 +0100 |
|---|---|---|
| committer | Nikias Bassen | 2017-02-09 23:06:13 +0100 |
| commit | 8e4b7a591c6a31b960d6e9e769c8efe15751df97 (patch) | |
| tree | 3642a8bca2f9d86fa06b0e5501902209a207f830 | |
| parent | b1be1e99dd1f489720e83d018bcbdb91fb1e87e5 (diff) | |
| download | libplist-8e4b7a591c6a31b960d6e9e769c8efe15751df97.tar.gz libplist-8e4b7a591c6a31b960d6e9e769c8efe15751df97.tar.bz2 | |
xplist: Fix OOB heap buffer read with empty data nodes
Credit to OSS-Fuzz
| -rw-r--r-- | src/xplist.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/xplist.c b/src/xplist.c index f5ddddd..0e9b007 100644 --- a/src/xplist.c +++ b/src/xplist.c @@ -1103,8 +1103,10 @@ static void node_from_xml(parse_ctx ctx, plist_t *plist, uint32_t depth) goto err_out; } size_t size = tp->length; - data->buff = base64decode(str_content, &size); - data->length = size; + if (size > 0) { + data->buff = base64decode(str_content, &size); + data->length = size; + } if (requires_free) { free(str_content); |