diff options
author | Sergey Poznyakoff <gray@gnu.org> | 2023-02-11 11:57:39 +0200 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org> | 2023-02-11 11:59:52 +0200 |
commit | 3da78400eafcccb97e2f2fd4b227ea40d794ede8 (patch) | |
tree | 1a8c652ab874ffe7e4c7f59d02bb78492f224456 | |
parent | 02402920f871a42099cb5af535815a27ccd3ed0f (diff) | |
download | tar-3da78400eafcccb97e2f2fd4b227ea40d794ede8.tar.gz |
Fix boundary checking in base-256 decoder
* src/list.c (from_header): Base-256 encoding is at least 2 bytes
long.
-rw-r--r-- | src/list.c | 5 |
1 files changed, 3 insertions, 2 deletions
@@ -881,8 +881,9 @@ from_header (char const *where0, size_t digs, char const *type, where++; } } - else if (*where == '\200' /* positive base-256 */ - || *where == '\377' /* negative base-256 */) + else if (where <= lim - 2 + && (*where == '\200' /* positive base-256 */ + || *where == '\377' /* negative base-256 */)) { /* Parse base-256 output. A nonnegative number N is represented as (256**DIGS)/2 + N; a negative number -N is |