data->case_sensitive = ((magic == GRUB_HFSPLUSX_MAGIC) &&
(header.key_compare == GRUB_HFSPLUSX_BINARYCOMPARE));
+ if (data->catalog_tree.nodesize < 2)
+ goto fail;
+
if (grub_hfsplus_read_file (&data->extoverflow_tree.file, 0, 0,
sizeof (struct grub_hfsplus_btnode),
sizeof (header), (char *) &header) <= 0)
data->extoverflow_tree.root = grub_be_to_cpu32 (header.root);
data->extoverflow_tree.nodesize = grub_be_to_cpu16 (header.nodesize);
+ if (data->extoverflow_tree.nodesize < 2)
+ goto fail;
+
if (grub_hfsplus_read_file (&data->attr_tree.file, 0, 0,
sizeof (struct grub_hfsplus_btnode),
sizeof (header), (char *) &header) <= 0)
grub_uint16_t keylen;
grub_uint32_t parent;
grub_uint16_t namelen;
- grub_uint16_t name[30];
+ grub_uint16_t name[0];
} GRUB_PACKED;
/* The on disk layout of an extent overflow file key. */
/* Return the offset of the record with the index INDEX, in the node
NODE which is part of the B+ tree BTREE. */
-static inline grub_off_t
+static inline grub_uint16_t
grub_hfsplus_btree_recoffset (struct grub_hfsplus_btree *btree,
- struct grub_hfsplus_btnode *node, int index)
+ struct grub_hfsplus_btnode *node, unsigned index)
{
char *cnode = (char *) node;
void *recptr;
+ if (btree->nodesize < index * sizeof (grub_uint16_t) + 2)
+ index = 0;
recptr = (&cnode[btree->nodesize - index * sizeof (grub_uint16_t) - 2]);
return grub_be_to_cpu16 (grub_get_unaligned16 (recptr));
}
NODE which is part of the B+ tree BTREE. */
static inline struct grub_hfsplus_key *
grub_hfsplus_btree_recptr (struct grub_hfsplus_btree *btree,
- struct grub_hfsplus_btnode *node, int index)
+ struct grub_hfsplus_btnode *node, unsigned index)
{
char *cnode = (char *) node;
- grub_off_t offset;
+ grub_uint16_t offset;
offset = grub_hfsplus_btree_recoffset (btree, node, index);
+ if (offset > btree->nodesize - sizeof (struct grub_hfsplus_key))
+ offset = 0;
return (struct grub_hfsplus_key *) &cnode[offset];
}
projects / thirdparty / grub.git / commitdiff
