diff options
-rw-r--r-- | src/bplist.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/bplist.c b/src/bplist.c index da7bb63..0fd149e 100644 --- a/src/bplist.c +++ b/src/bplist.c @@ -825,6 +825,11 @@ PLIST_API void plist_from_bin(const char *plist_bin, uint32_t length, plist_t * return; } + if (num_objects * offset_size < num_objects) { + PLIST_BIN_ERR("integer overflow when calculating offset table size (too many objects)\n"); + return; + } + if (offset_table + num_objects * offset_size > end_data) { PLIST_BIN_ERR("offset table points outside of valid range\n"); return; |