summaryrefslogtreecommitdiff
path: root/lib/sqfs/read_inode.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/sqfs/read_inode.c')
-rw-r--r--lib/sqfs/read_inode.c15
1 files changed, 11 insertions, 4 deletions
diff --git a/lib/sqfs/read_inode.c b/lib/sqfs/read_inode.c
index 79c5a55..e4b4dfa 100644
--- a/lib/sqfs/read_inode.c
+++ b/lib/sqfs/read_inode.c
@@ -159,6 +159,7 @@ static sqfs_inode_generic_t *read_inode_slink(meta_reader_t *ir,
{
sqfs_inode_generic_t *out;
sqfs_inode_slink_t slink;
+ size_t size;
if (meta_reader_read(ir, &slink, sizeof(slink)))
return NULL;
@@ -166,12 +167,15 @@ static sqfs_inode_generic_t *read_inode_slink(meta_reader_t *ir,
SWAB32(slink.nlink);
SWAB32(slink.target_size);
- out = calloc(1, sizeof(*out) + slink.target_size + 1);
- if (out == NULL) {
- perror("reading symlink inode");
- return NULL;
+ if (SZ_ADD_OV(slink.target_size, 1, &size) ||
+ SZ_ADD_OV(sizeof(*out), size, &size)) {
+ goto fail;
}
+ out = calloc(1, size);
+ if (out == NULL)
+ goto fail;
+
out->slink_target = (char *)out->extra;
out->base = *base;
out->data.slink = slink;
@@ -182,6 +186,9 @@ static sqfs_inode_generic_t *read_inode_slink(meta_reader_t *ir,
}
return out;
+fail:
+ perror("reading symlink inode");
+ return NULL;
}
static sqfs_inode_generic_t *read_inode_slink_ext(meta_reader_t *ir,
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-11 06:29:20 +0000