Skip to content

Commit

Permalink
SAS7BDAT reader: Improved bounds checking
Browse files Browse the repository at this point in the history
Fixes oss-fuzz/13262
  • Loading branch information
evanmiller committed Apr 14, 2019
1 parent 961eefa commit f57262d
Showing 1 changed file with 8 additions and 2 deletions.
10 changes: 8 additions & 2 deletions src/sas/readstat_sas7bdat_read.c
Original file line number Diff line number Diff line change
Expand Up @@ -725,7 +725,7 @@ static readstat_error_t sas7bdat_parse_page_pass1(const char *page, size_t page_
const char *shp = &page[ctx->page_header_size];
int lshp = ctx->subheader_pointer_size;

if (ctx->page_header_size + subheader_count*lshp > ctx->page_size) {
if (ctx->page_header_size + subheader_count*lshp > page_size) {
retval = READSTAT_ERROR_PARSE;
goto cleanup;
}
Expand Down Expand Up @@ -785,10 +785,16 @@ static readstat_error_t sas7bdat_parse_page_pass2(const char *page, size_t page_

int i;
const char *shp = &page[ctx->page_header_size];
int lshp = ctx->subheader_pointer_size;

if (ctx->page_header_size + subheader_count*lshp > page_size) {
retval = READSTAT_ERROR_PARSE;
goto cleanup;
}

for (i=0; i<subheader_count; i++) {
subheader_pointer_t shp_info = { 0 };
uint32_t signature = 0;
int lshp = ctx->subheader_pointer_size;
if ((retval = sas7bdat_parse_subheader_pointer(shp, page + page_size - shp, &shp_info, ctx)) != READSTAT_OK) {
goto cleanup;
}
Expand Down

0 comments on commit f57262d

Please sign in to comment.