From: Michael Schroeder <mls@suse.de>
Date: Fri, 20 Jul 2018 12:04:58 +0000 (+0200)
Subject: zchunk: fix bounds check in getuint
X-Git-Tag: 0.6.35~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d6657a285dce9e65c829436dce7804f3e0d2642f;p=thirdparty%2Flibsolv.git

zchunk: fix bounds check in getuint
---

diff --git a/ext/solv_zchunk.c b/ext/solv_zchunk.c
index 3843c9be..a8b7f8e2 100644
--- a/ext/solv_zchunk.c
+++ b/ext/solv_zchunk.c
@@ -58,27 +58,27 @@ getuint(unsigned char *p, unsigned char *endp, unsigned int *dp)
 {
   if (!p || p >= endp)
     return 0;
-  if (p <= endp && (*p & 0x80) != 0)
+  if (p < endp && (*p & 0x80) != 0)
     {
       *dp = p[0] ^ 0x80;
       return p + 1;
     }
-  if (++p <= endp && (*p & 0x80) != 0)
+  if (++p < endp && (*p & 0x80) != 0)
     {
       *dp = p[-1] ^ ((p[0] ^ 0x80) << 7);
       return p + 1;
     }
-  if (++p <= endp && (*p & 0x80) != 0)
+  if (++p < endp && (*p & 0x80) != 0)
     {
       *dp = p[-2] ^ (p[-1] << 7) ^ ((p[0] ^ 0x80) << 14);
       return p + 1;
     }
-  if (++p <= endp && (*p & 0x80) != 0)
+  if (++p < endp && (*p & 0x80) != 0)
     {
       *dp = p[-3] ^ (p[-2] << 7) ^ (p[1] << 14) ^ ((p[0] ^ 0x80) << 21);
       return p + 1;
     }
-  if (++p <= endp && (*p & 0xf0) == 0x80)
+  if (++p < endp && (*p & 0xf0) == 0x80)
     {
       *dp = p[-4] ^ (p[-3] << 7) ^ (p[2] << 14) ^ (p[1] << 21) ^ ((p[0] ^ 0x80) << 28);
       return p + 1;