Skip to content
Permalink
Browse files Browse the repository at this point in the history
apply patch from Robert Scott to fix - shifting some bounds checking
  • Loading branch information
ilanschnell committed Jul 14, 2020
1 parent e87f25b commit 49a4cee
Showing 1 changed file with 7 additions and 2 deletions.
9 changes: 7 additions & 2 deletions bsdiff4/core.c
Expand Up @@ -431,8 +431,7 @@ static PyObject* patch(PyObject* self, PyObject* args)
y = PyLong_AsLong(PyTuple_GET_ITEM(tuple, 1));
z = PyLong_AsLong(PyTuple_GET_ITEM(tuple, 2));
if (newpos + x > newDataLength ||
diffPtr + x > diffBlock + diffBlockLength ||
extraPtr + y > extraBlock + extraBlockLength) {
diffPtr + x > diffBlock + diffBlockLength) {
PyMem_Free(newData);
PyErr_SetString(PyExc_ValueError, "corrupt patch (overflow)");
return NULL;
Expand All @@ -444,6 +443,12 @@ static PyObject* patch(PyObject* self, PyObject* args)
newData[newpos + j] += origData[oldpos + j];
newpos += x;
oldpos += x;
if (newpos + y > newDataLength ||
extraPtr + y > extraBlock + extraBlockLength) {
PyMem_Free(newData);
PyErr_SetString(PyExc_ValueError, "corrupt patch (overflow)");
return NULL;
}
memcpy(newData + newpos, extraPtr, y);
extraPtr += y;
newpos += y;
Expand Down

0 comments on commit 49a4cee

Please sign in to comment.