Add missing check offset test (Francisco Alonso, Jan Kaluza at RedHat)

diff --git a/src/cdf.c b/src/cdf.c
index 0bfb31a229af5fc05579593e3ea83568b88cf3bb..c258e82f35def06e1d031222ec7bb2d9d2b16228 100644 (file)
--- a/src/cdf.c
+++ b/src/cdf.c
@@ -35,7 +35,7 @@
 #include "file.h"
 
 #ifndef lint
-FILE_RCSID("@(#)$File: cdf.c,v 1.61 2014/06/04 17:23:19 christos Exp $")
+FILE_RCSID("@(#)$File: cdf.c,v 1.62 2014/06/04 17:26:07 christos Exp $")
 #endif
 
 #include <assert.h>
@@ -816,7 +816,11 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
        if (cdf_check_stream_offset(sst, h, e, 0, __LINE__) == -1)
                goto out;
        for (i = 0; i < sh.sh_properties; i++) {
-               size_t ofs = CDF_GETUINT32(p, (i << 1) + 1);
+               size_t tail = (i << 1) + 1;
+               if (cdf_check_stream_offset(sst, h, p, tail * sizeof(uint32_t),
+                   __LINE__) == -1)
+                       goto out;
+               size_t ofs = CDF_GETUINT32(p, tail);
                q = (const uint8_t *)(const void *)
                    ((const char *)(const void *)p + ofs
                    - 2 * sizeof(uint32_t));