From: Martin Matuska <martin@matuska.org>
Date: Wed, 30 Mar 2022 19:14:00 +0000 (+0200)
Subject: ISO reader: fix possible heap buffer overflow in read_children()
X-Git-Tag: v3.6.1~4
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9ad5f077491b9536f01dadca1724385c39cd7613;p=thirdparty%2Flibarchive.git

ISO reader: fix possible heap buffer overflow in read_children()

OSS-Fuzz issue: 38764
Fixes #1685
---

diff --git a/libarchive/archive_read_support_format_iso9660.c b/libarchive/archive_read_support_format_iso9660.c
index db14d41df..cd7f92f46 100644
--- a/libarchive/archive_read_support_format_iso9660.c
+++ b/libarchive/archive_read_support_format_iso9660.c
@@ -1007,7 +1007,8 @@ read_children(struct archive_read *a, struct file_info *parent)
 		p = b;
 		b += iso9660->logical_block_size;
 		step -= iso9660->logical_block_size;
-		for (; *p != 0 && p < b && p + *p <= b; p += *p) {
+		for (; *p != 0 && p + DR_name_offset < b && p + *p <= b;
+			p += *p) {
 			struct file_info *child;
 
 			/* N.B.: these special directory identifiers