From 47d02dde60b4c709d579aa22187ac55524485b97 Mon Sep 17 00:00:00 2001
From: Nikias Bassen
Date: Thu, 9 Feb 2017 13:26:15 +0100
Subject: xplist: Prevent assert when parsing CF$UID dict with invalid value node

Credit to OSS-Fuzz
---
 src/xplist.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/xplist.c b/src/xplist.c
index 5f63a94..f5ddddd 100644
--- a/src/xplist.c
+++ b/src/xplist.c
@@ -1178,6 +1178,11 @@ static void node_from_xml(parse_ctx ctx, plist_t *plist, uint32_t depth)
 plist_t uid = plist_dict_get_item(subnode, "CF$UID");
 if (uid) {
 uint64_t val = 0;
+ if (plist_get_node_type(uid) != PLIST_UINT) {
+ ctx->err++;
+ PLIST_XML_ERR("Invalid node type for CF$UID dict entry (must be PLIST_UINT)\n");
+ goto err_out;
+ }
 plist_get_uint_val(uid, &val);
 plist_dict_remove_item(subnode, "CF$UID");
 plist_data_t nodedata = plist_get_data((node_t*)subnode);
-- 
cgit v1.1-32-gdbae
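Review bot: The added `goto err_out` exits while `subnode` is still live, and the hunk does not show whether `err_out` releases it. If `subnode` has not yet been attached to its parent at this point, every rejected CF$UID dict would leak that node, which matters for a parser fed untrusted input. If it is unowned here, `plist_free(subnode);` before the `goto` would cover it, but if it is already owned by the tree that call would double-free; this needs checking against the rest of `node_from_xml`, whose body starts and ends outside the hunk. A short comment above the check, e.g. `/* CF$UID must be an integer node; reject it before plist_get_uint_val() to avoid the assert on malformed input */`, would record why the type test precedes the read.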