fix potential buffer underflow read in deb_extractor

author: Christian Grothoff <christian@grothoff.org> 2017-10-15 19:59:51 +0200
committer: Christian Grothoff <christian@grothoff.org> 2017-10-15 19:59:51 +0200
commit: 71aa4223b2770a9243ddc86457bcd2fdcf47d922 (patch)
tree: f3cd03d9039c2c14687da741d6025ad598a225ae /src/plugins/deb_extractor.c
parent: b933ab4aa3447ed94701b8fb013f1c765f3375dc (diff)
download: libextractor-71aa4223b2770a9243ddc86457bcd2fdcf47d922.tar.gz
libextractor-71aa4223b2770a9243ddc86457bcd2fdcf47d922.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/src/plugins/deb_extractor.c b/src/plugins/deb_extractor.c
index afbe8bb..2eb0028 100644
--- a/src/plugins/deb_extractor.c
+++ b/src/plugins/deb_extractor.c
@@ -365,6 +365,8 @@ processControlTGZ (struct EXTRACTOR_ExtractContext *ec,
    return 0;
  if (0 == size)
    return 0;
+  if (size < 4)
+    return 0;
  if (NULL == (cdata = malloc (size)))
    return 0;
  off = 0;
@@ -375,7 +377,9 @@ processControlTGZ (struct EXTRACTOR_ExtractContext *ec,
          free (cdata);
          return 0;
        }
-      memcpy (&cdata[off], data, sret);
+      memcpy (&cdata[off],
+              data,
+              sret);
      off += sret;
    }
  bufSize = cdata[size - 4] + (cdata[size - 3] << 8) + (cdata[size - 2] << 16) + (cdata[size - 1] << 24);
author	Christian Grothoff <christian@grothoff.org>	2017-10-15 19:59:51 +0200
committer	Christian Grothoff <christian@grothoff.org>	2017-10-15 19:59:51 +0200
commit	71aa4223b2770a9243ddc86457bcd2fdcf47d922 (patch)
tree	f3cd03d9039c2c14687da741d6025ad598a225ae /src/plugins/deb_extractor.c
parent	b933ab4aa3447ed94701b8fb013f1c765f3375dc (diff)
download	libextractor-71aa4223b2770a9243ddc86457bcd2fdcf47d922.tar.gz libextractor-71aa4223b2770a9243ddc86457bcd2fdcf47d922.zip