From 135e43c1767c6d1cc4cad057130bf371a548f648 Mon Sep 17 00:00:00 2001 From: Jonathan Beck Date: Sat, 13 Dec 2008 19:59:00 +0100 Subject: Add sanity check on indexes when building plist tree. --- src/bplist.c | 33 +++++++++++++++++++-------------- src/plist.c | 2 +- 2 files changed, 20 insertions(+), 15 deletions(-) diff --git a/src/bplist.c b/src/bplist.c index 741a92c..54a4bb2 100644 --- a/src/bplist.c +++ b/src/bplist.c @@ -408,15 +408,19 @@ void plist_from_bin(const char *plist_bin, uint32_t length, plist_t * plist) //first one is actually a key plist_get_data(nodeslist[index1])->type = PLIST_KEY; - if (G_NODE_IS_ROOT(nodeslist[index1])) - g_node_append(nodeslist[i], nodeslist[index1]); - else - g_node_append(nodeslist[i], g_node_copy_deep(nodeslist[index1], copy_plist_data, NULL)); - - if (G_NODE_IS_ROOT(nodeslist[index2])) - g_node_append(nodeslist[i], nodeslist[index2]); - else - g_node_append(nodeslist[i], g_node_copy_deep(nodeslist[index2], copy_plist_data, NULL)); + if (index1 >= 0 && index1 < num_objects) { + if (G_NODE_IS_ROOT(nodeslist[index1])) + g_node_append(nodeslist[i], nodeslist[index1]); + else + g_node_append(nodeslist[i], g_node_copy_deep(nodeslist[index1], copy_plist_data, NULL)); + } + + if (index2 >= 0 && index2 < num_objects) { + if (G_NODE_IS_ROOT(nodeslist[index2])) + g_node_append(nodeslist[i], nodeslist[index2]); + else + g_node_append(nodeslist[i], g_node_copy_deep(nodeslist[index2], copy_plist_data, NULL)); + } } free(data->buff); 
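Review bot: In the dict branch, the unchanged line `plist_get_data(nodeslist[index1])->type = PLIST_KEY;` still runs before the new `if (index1 >= 0 && index1 < num_objects)` guard, so an out-of-range index taken from the file is used to read `nodeslist` and write through the result before it is checked. Move that assignment so it is the first statement inside the guard. The new checks also skip a bad index silently, so a dict can end up with a key and no value (or the reverse) and the caller of plist_from_bin gets no error; failing the parse would be safer, and the same applies to the array hunk at `@@ -428,11 +432,12 @@`. The declarations of `index1`, `index2` and `num_objects` are outside the hunk; if the indexes are unsigned, the `>= 0` half of each test is always true.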
@@ -428,11 +432,12 @@ void plist_from_bin(const char *plist_bin, uint32_t length, plist_t * plist) str_j = j * dict_param_size; index1 = swap_n_bytes(data->buff + str_j, dict_param_size); - //g_node_append(nodeslist[i], nodeslist[index1]); - if (G_NODE_IS_ROOT(nodeslist[index1])) - g_node_append(nodeslist[i], nodeslist[index1]); - else - g_node_append(nodeslist[i], g_node_copy_deep(nodeslist[index1], copy_plist_data, NULL)); + if (index1 >= 0 && index1 < num_objects) { + if (G_NODE_IS_ROOT(nodeslist[index1])) + g_node_append(nodeslist[i], nodeslist[index1]); + else + g_node_append(nodeslist[i], g_node_copy_deep(nodeslist[index1], copy_plist_data, NULL)); + } } free(data->buff); break; diff --git a/src/plist.c b/src/plist.c index 1fafd94..a3d3cb2 100644 --- a/src/plist.c +++ b/src/plist.c @@ -157,7 +157,7 @@ char compare_node_value(plist_type type, plist_data_t data, void *value, uint64_ res = !wcscmp(data->unicodeval, ((wchar_t *) value)); break; case PLIST_DATA: - res = memcmp(data->buff,(char*) value, length ); + res = memcmp(data->buff, (char *) value, length); break; case PLIST_ARRAY: case PLIST_DICT: -- cgit v1.1-32-gdbae
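Review bot: The range check `index1 >= 0 && index1 < num_objects` in the array loop accepts `index1 == i`, and if `nodeslist[i]` is still a root at that point (likely, but it is set up outside the hunk) the `G_NODE_IS_ROOT` branch calls `g_node_append(nodeslist[i], nodeslist[index1])` with the node as its own parent. Adding `&& index1 != i` to the condition closes that case; the dict hunk at `@@ -408,15 +408,19 @@` has the same gap for `index1` and `index2`. A reference to an ancestor rather than to the node itself would need a separate check that cannot be judged from the lines shown here.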