From e7dda79015d1a09ce2764b27137b5de08a3268cb Mon Sep 17 00:00:00 2001
From: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Date: Thu, 25 Jul 2019 15:33:59 +0200
Subject: Fix fragment reader out of bounds read when loading table

This commit fixes a bug in the fragment table reader where the reader
tries to read data into an out of bounds location due to an oversight
in size calculation.

Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
---
 lib/sqfs/frag_reader.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/sqfs/frag_reader.c b/lib/sqfs/frag_reader.c
index 721286c..51b40e9 100644
--- a/lib/sqfs/frag_reader.c
+++ b/lib/sqfs/frag_reader.c
@@ -110,8 +110,8 @@ frag_reader_t *frag_reader_create(sqfs_super_t *super, int fd,
 			goto fail;
 
 		diff = SQFS_META_BLOCK_SIZE / sizeof(tbl[0]);
-		if (diff > count)
-			diff = count;
+		if (diff > (count - j))
+			diff = count - j;
 
 		if (meta_reader_read(m, tbl + j, diff * sizeof(tbl[0])))
 			goto fail;
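Review bot: The clamp on the two added lines is only safe while `j <= count`; if `j` and `count` are unsigned (their declarations are outside the hunk), `count - j` would wrap and the bound on the write to `tbl + j` would be lost. The loop header that presumably guarantees this is not visible here, so I would state the invariant at the clamp, e.g. `/* j < count here; cap to the entries still missing so the read stays inside tbl */`. Since `count` appears to come from the image's superblock, it is also worth confirming that the allocation of `tbl` outside the hunk checks `count * sizeof(tbl[0])` for overflow before this loop runs. frag_reader_create's body starts and ends outside the hunk.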