fix out of bounds read; found by oss-fuzz

author Christos Zoulas <christos@zoulas.com>

Sat, 22 Apr 2017 20:02:34 +0000 (20:02 +0000)

committer Christos Zoulas <christos@zoulas.com>

Sat, 22 Apr 2017 20:02:34 +0000 (20:02 +0000)
author Christos Zoulas <christos@zoulas.com>
Sat, 22 Apr 2017 20:02:34 +0000 (20:02 +0000)
committer Christos Zoulas <christos@zoulas.com>
Sat, 22 Apr 2017 20:02:34 +0000 (20:02 +0000)
diff --git a/src/cdf.c b/src/cdf.c

index b11b4161d0a4e00fdebaea70ba44ceaef321a37e..54e168d2a526b01ff29fcac6eba50af264b8db1e 100644 (file)
--- a/src/cdf.c
+++ b/src/cdf.c
@@ -35,7 +35,7 @@
  #include "file.h"
  
  #ifndef lint
-FILE_RCSID("@(#)$File: cdf.c,v 1.101 2017/04/12 14:57:22 christos Exp $")
+FILE_RCSID("@(#)$File: cdf.c,v 1.102 2017/04/22 20:02:34 christos Exp $")
  #endif
  
  #include <assert.h>
@@ -961,7 +961,7 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
                     i, inp[i].pi_id, inp[i].pi_type, q - p, offs));
                 left = CAST(size_t, e - q);
                 if (inp[i].pi_type & CDF_VECTOR) {
-                       if (left < sizeof(uint32_t)) {
+                       if (left < sizeof(uint32_t) * 2) {
                                 DPRINTF(("missing CDF_VECTOR length\n"));
                                 goto out;
                         }
author	Christos Zoulas <christos@zoulas.com>
	Sat, 22 Apr 2017 20:02:34 +0000 (20:02 +0000)
committer	Christos Zoulas <christos@zoulas.com>
	Sat, 22 Apr 2017 20:02:34 +0000 (20:02 +0000)