From e7dda79015d1a09ce2764b27137b5de08a3268cb Mon Sep 17 00:00:00 2001
From: David Oberhollenzer
Date: Thu, 25 Jul 2019 15:33:59 +0200
Subject: Fix fragment reader out of bounds read when loading table

This commit fixes a bug in the fragment table reader where the reader tries to read data into an out of bounds location due to an oversight in size calculation.

Signed-off-by: David Oberhollenzer
---
 lib/sqfs/frag_reader.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/sqfs/frag_reader.c b/lib/sqfs/frag_reader.c
index 721286c..51b40e9 100644
--- a/lib/sqfs/frag_reader.c
+++ b/lib/sqfs/frag_reader.c
@@ -110,8 +110,8 @@ frag_reader_t *frag_reader_create(sqfs_super_t *super, int fd,
 goto fail;
 diff = SQFS_META_BLOCK_SIZE / sizeof(tbl[0]);
- if (diff > count)
- diff = count;
+ if (diff > (count - j))
+ diff = count - j;
 if (meta_reader_read(m, tbl + j, diff * sizeof(tbl[0])))
 goto fail;
--
cgit v1.2.3
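Review bot: The new clamp `if (diff > (count - j))` is only correct while `j <= count`, and nothing in the hunk states or enforces that invariant. The declarations of `count` and `j` and the update of `j` are outside the hunk; if they are unsigned and `j` ever passed `count`, the subtraction would wrap, the clamp would be skipped and `meta_reader_read` would again write past the end of `tbl`. Since `count` presumably comes from the filesystem image, this bound is what protects `tbl` against a malformed table, so it is worth making explicit: compute the remainder once with `remaining = count - j;`, clamp with `if (diff > remaining) diff = remaining;`, and add a comment such as `/* j <= count holds: diff never exceeds the entries still missing */`. The body of frag_reader_create starts and ends outside the hunk, so the loop header should be checked against the same invariant.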