ISO reader: fix possible heap buffer overflow in read_children()

author Martin Matuska <martin@matuska.org>

Wed, 30 Mar 2022 19:14:00 +0000 (21:14 +0200)

committer Martin Matuska <martin@matuska.org>

Wed, 30 Mar 2022 21:41:14 +0000 (23:41 +0200)
author Martin Matuska <martin@matuska.org>
Wed, 30 Mar 2022 19:14:00 +0000 (21:14 +0200)
committer Martin Matuska <martin@matuska.org>
Wed, 30 Mar 2022 21:41:14 +0000 (23:41 +0200)
diff --git a/libarchive/archive_read_support_format_iso9660.c b/libarchive/archive_read_support_format_iso9660.c

index db14d41dff45b03c352cf54246e3366799aa8004..cd7f92f464d66f77fd3dd580c659d4064ff88ec5 100644 (file)
--- a/libarchive/archive_read_support_format_iso9660.c
+++ b/libarchive/archive_read_support_format_iso9660.c
@@ -1007,7 +1007,8 @@ read_children(struct archive_read *a, struct file_info *parent)
                 p = b;
                 b += iso9660->logical_block_size;
                 step -= iso9660->logical_block_size;
-               for (; *p != 0 && p < b && p + *p <= b; p += *p) {
+               for (; *p != 0 && p + DR_name_offset < b && p + *p <= b;
+                       p += *p) {
                         struct file_info *child;
  
                         /* N.B.: these special directory identifiers
author	Martin Matuska <martin@matuska.org>
	Wed, 30 Mar 2022 19:14:00 +0000 (21:14 +0200)
committer	Martin Matuska <martin@matuska.org>
	Wed, 30 Mar 2022 21:41:14 +0000 (23:41 +0200)