From 5bdbd3fe620e66a65373524a0707909ca926a3a1 Mon Sep 17 00:00:00 2001
From: Nikias Bassen
Date: Mon, 9 Jan 2023 19:07:54 +0100
Subject: oplist: Fix OOB read by checking bounds properly

Credit to OSS-Fuzz
---
 src/oplist.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/oplist.c b/src/oplist.c
index df12fb3..21d8a64 100644
--- a/src/oplist.c
+++ b/src/oplist.c
@@ -550,7 +550,7 @@ static void parse_dict_data(parse_ctx ctx, plist_t dict)
         if (ctx->pos >= ctx->end) {
             PLIST_OSTEP_ERR("EOF while parsing dictionary item at offset %ld\n", ctx->pos - ctx->start);
             ctx->err++;
-                    break;
+            break;
         }
         val = NULL;
         ctx->err = node_from_openstep(ctx, &val);
@@ -710,6 +710,11 @@ static int node_from_openstep(parse_ctx ctx, plist_t *plist)
                 }
                 ctx->pos++;
             }
+            if (ctx->pos >= ctx->end) {
+                PLIST_OSTEP_ERR("EOF while parsing quoted string at offset %ld\n", ctx->pos - ctx->start);
+                ctx->err++;
+                goto err_out;
+            }
             if (*ctx->pos != c) {
                 plist_free_data(data);
                 PLIST_OSTEP_ERR("Missing closing quote (%c) at offset %ld\n", c, ctx->pos - ctx->start);
-- 
cgit v1.1-32-gdbae