commit: 5574f98fd76030581c75622bcb7f2f2c85cad234
Author: Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Wed Nov 20 17:22:29 2019 +0000
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Wed Nov 20 17:22:29 2019 +0000
URL: https://gitweb.gentoo.org/proj/portage-utils.git/commit/?id=5574f98f
libq/xpak: fix out of bounds checking
Don't check bounds if there is no data retrieved, and make sure we check
the bounds on the data length, not index length.
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>
libq/tree.c | 2 +-
libq/xpak.c | 11 ++++++-----
2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/libq/tree.c b/libq/tree.c
index 427281f..a383950 100644
--- a/libq/tree.c
+++ b/libq/tree.c
@@ -1094,7 +1094,7 @@ tree_foreach_packages(tree_ctx *ctx, tree_pkg_cb
callback, void *priv)
cat->name = atom->CATEGORY;
pkg->name = atom->PN;
- pkg->slot = meta->SLOT == NULL ? "0" :
meta->SLOT;
+ pkg->slot = meta->SLOT == NULL ? (char *)"0" :
meta->SLOT;
pkg->repo = ctx->repo;
pkg->atom = atom;
diff --git a/libq/xpak.c b/libq/xpak.c
index 71dc17e..90a3570 100644
--- a/libq/xpak.c
+++ b/libq/xpak.c
@@ -79,11 +79,12 @@ static void _xpak_walk_index(
p += 4;
/* check offset and len individually to deal with overflow */
- if (data_offset > x->index_len ||
- data_len > x->index_len ||
- data_offset + data_len > x->index_len)
- err("Data for '%s' is out of bounds: offset=%u,
len=%u\n",
- pathname, data_len, data_offset);
+ if (x->data != NULL &&
+ (data_offset > x->data_len ||
+ data_len > x->data_len ||
+ data_offset + data_len > x->data_len))
+ err("Data for '%s' is out of bounds: offset=%u, len=%u,
size=%u\n",
+ pathname, data_len, data_offset,
x->data_len);
(*func)(x->ctx, pathname, pathname_len,
data_offset, data_len, x->data);
