From: Christos Zoulas
Date: Sat, 22 Apr 2017 20:02:34 +0000 (+0000)
Subject: fix out of bounds read; found by oss-fuzz
X-Git-Tag: FILE5_31~13
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=aee11eef72edee489d7a05f51a395352f241bfb5;p=file
fix out of bounds read; found by oss-fuzz
---
diff --git a/src/cdf.c b/src/cdf.c
index b11b4161..54e168d2 100644
--- a/src/cdf.c
+++ b/src/cdf.c
@@ -35,7 +35,7 @@
 #include "file.h"
 #ifndef lint
-FILE_RCSID("@(#)$File: cdf.c,v 1.101 2017/04/12 14:57:22 christos Exp $")
+FILE_RCSID("@(#)$File: cdf.c,v 1.102 2017/04/22 20:02:34 christos Exp $")
 #endif
 #include
@@ -961,7 +961,7 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
 i, inp[i].pi_id, inp[i].pi_type, q - p, offs));
 left = CAST(size_t, e - q);
 if (inp[i].pi_type & CDF_VECTOR) {
- if (left < sizeof(uint32_t)) {
+ if (left < sizeof(uint32_t) * 2) {
 DPRINTF(("missing CDF_VECTOR length\n"));
 goto out;
 }
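Review bot: The widened guard `left < sizeof(uint32_t) * 2` covers the vector length word, but in the second hunk `left` is only computed after the context line that already logs `inp[i].pi_type`, so the read of the type word at `q` does not appear to be covered by any check on `left` here. If no earlier guard ensures at least four bytes remain between `q` and `e`, `left` should be computed before the type is read and `if (left < sizeof(uint32_t)) goto out;` applied at that point. A short comment on the new condition, for example `/* type word + element count */`, would also record why two words are required. The loop body of cdf_read_property_info starts and ends outside the hunk, so the earlier reads need to be confirmed against the full function.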