Permalink
Browse files

Add check for valid fieldname size

As reported by honggfuzz
  • Loading branch information...
tbeu committed Nov 25, 2017
1 parent a32481e commit 406438f497931f45fb3edf6de17d3a59a922c257
Showing with 10 additions and 2 deletions.
  1. +10 −2 src/mat5.c
View
@@ -1559,8 +1559,12 @@ ReadNextStructField( mat_t *mat, matvar_t *matvar )
}
if ( (uncomp_buf[0] & 0x0000ffff) == MAT_T_INT32 ) {
fieldname_size = uncomp_buf[1];
if ( 0 >= fieldname_size ) {
Mat_Critical("Size of fieldname must be positive");
return bytesread;
}
} else {
Mat_Warning("Error getting fieldname size");
Mat_Critical("Error getting fieldname size");
return bytesread;
}
@@ -1741,8 +1745,12 @@ ReadNextStructField( mat_t *mat, matvar_t *matvar )
}
if ( (buf[0] & 0x0000ffff) == MAT_T_INT32 ) {
fieldname_size = buf[1];
if ( 0 >= fieldname_size ) {
Mat_Critical("Size of fieldname must be positive");
return bytesread;
}
} else {
Mat_Warning("Error getting fieldname size");
Mat_Critical("Error getting fieldname size");
return bytesread;
}
bytesread+=fread(buf,4,2,(FILE*)mat->fp);

0 comments on commit 406438f

Please sign in to comment.