From 8de732bdcc2a4d0c09baf6b5e32be30e91a6d335 Mon Sep 17 00:00:00 2001
From: Nikias Bassen
Date: Sat, 21 Nov 2020 04:09:58 +0100
Subject: bplist: Fix offset table range check, don't rely on pointer overflow
---
 src/bplist.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/bplist.c b/src/bplist.c
index c3fc071..12963c4 100644
--- a/src/bplist.c
+++ b/src/bplist.c
@@ -837,7 +837,7 @@ PLIST_API void plist_from_bin(const char *plist_bin, uint32_t length, plist_t *
 return;
 }
 
- if ((offset_table + offset_table_size < offset_table) || (offset_table + offset_table_size > end_data)) {
+ if (offset_table_size > (uint64_t)(end_data - offset_table)) {
 PLIST_BIN_ERR("offset table points outside of valid range\n");
 return;
 }
-- 
cgit v1.1-32-gdbae
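Review bot: The new comparison `offset_table_size > (uint64_t)(end_data - offset_table)` is only sound when `offset_table <= end_data` already holds. If it did not, the negative pointer difference would convert to a very large unsigned value and an out-of-range table would pass the check. The earlier part of plist_from_bin lies outside this hunk, so that guard cannot be confirmed from here; presumably one of the preceding checks rejects an offset table that starts past the end of the data. I would state the dependency next to the condition, for example `/* offset_table <= end_data was verified above, so the difference is non-negative */`, so that a later reordering of the checks does not silently weaken this one.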