Skip to content

Commit d39a171

Browse files
committed
Fixed security issue 1
1 parent 50ee637 commit d39a171

File tree

1 file changed

+6
-6
lines changed

1 file changed

+6
-6
lines changed

Diff for: src/hdf/btree.c

+6-6
Original file line numberDiff line numberDiff line change
@@ -307,8 +307,8 @@ int treeRead(struct READER *reader, struct DATAOBJECT *data) {
307307
for (i = 0; i < olen; i++) {
308308
b = i / elements;
309309
x = i % elements + start[0];
310-
if (x < sx) {
311-
j = x * size + b;
310+
j = x * size + b;
311+
if (j>=0 && j < elements * size) {
312312
((char*)data->data)[j] = output[i];
313313
}
314314
}
@@ -319,8 +319,8 @@ int treeRead(struct READER *reader, struct DATAOBJECT *data) {
319319
x = i % elements;
320320
y = x % dy + start[1];
321321
x = x / dy + start[0];
322-
if (y < sy && x < sx) {
323-
j = ((x * sy + y) * size) + b;
322+
j = ((x * sy + y) * size) + b;
323+
if (j>=0 && j < elements * size) {
324324
((char*)data->data)[j] = output[i];
325325
}
326326
}
@@ -332,8 +332,8 @@ int treeRead(struct READER *reader, struct DATAOBJECT *data) {
332332
z = x % dz + start[2];
333333
y = (x / dz) % dy + start[1];
334334
x = (x / dzy) + start[0];
335-
if (z < sz && y < sy && x < sx) {
336-
j = (x * szy + y * sz + z) * size + b;
335+
j = (x * szy + y * sz + z) * size + b;
336+
if (j>=0 && j < elements * size) {
337337
((char*)data->data)[j] = output[i];
338338
}
339339
}

0 commit comments

Comments
 (0)