File tree 1 file changed +11
-1
lines changed
1 file changed +11
-1
lines changed Original file line number Diff line number Diff line change @@ -517,6 +517,11 @@ sd2_parse_rsrc_fork (SF_PRIVATE *psf)
517517
518518 rsrc .type_offset = rsrc .map_offset + 30 ;
519519
520+ if (rsrc .map_offset + 28 > rsrc .rsrc_len )
521+ { psf_log_printf (psf , "Bad map offset.\n" ) ;
522+ goto parse_rsrc_fork_cleanup ;
523+ } ;
524+
520525 rsrc .type_count = read_rsrc_short (& rsrc , rsrc .map_offset + 28 ) + 1 ;
521526 if (rsrc .type_count < 1 )
522527 { psf_log_printf (psf , "Bad type count.\n" ) ;
@@ -533,7 +538,12 @@ sd2_parse_rsrc_fork (SF_PRIVATE *psf)
533538
534539 rsrc .str_index = -1 ;
535540 for (k = 0 ; k < rsrc .type_count ; k ++ )
536- { marker = read_rsrc_marker (& rsrc , rsrc .type_offset + k * 8 ) ;
541+ { if (rsrc .type_offset + k * 8 > rsrc .rsrc_len )
542+ { psf_log_printf (psf , "Bad rsrc marker.\n" ) ;
543+ goto parse_rsrc_fork_cleanup ;
544+ } ;
545+
546+ marker = read_rsrc_marker (& rsrc , rsrc .type_offset + k * 8 ) ;
537547
538548 if (marker == STR_MARKER )
539549 { rsrc .str_index = k ;
You can’t perform that action at this time.
0 commit comments