Merge pull request #376 from jwrdegoede/oss-fuzz-36187-null-ptr-deref-fix

Fix null-ptr deref when table->map_sz is 0
2026-03-10 00:20:54 +08:00 · 2022-01-25 10:24:14 -05:00
parent bcad261464 4febc7b5c6
commit 2da65ffdb3
1 changed files with 6 additions and 0 deletions
--- a/src/libmdb/table.c
+++ b/src/libmdb/table.c
@@ -92,6 +92,12 @@ MdbTableDef *mdb_read_table(MdbCatalogEntry *entry)
 		mdb_free_tabledef(table);
 		return NULL;
 	}
+	/* First byte of usage_map is the map-type and must always be present */
+	if (table->map_sz < 1) {
+		fprintf(stderr, "mdb_read_table: invalid map-size: %zu\n", table->map_sz);
+		mdb_free_tabledef(table);
+		return NULL;
+	}
 	table->usage_map = g_memdup2((char*)buf + row_start, table->map_sz);
 	if (mdb_get_option(MDB_DEBUG_USAGE)) 
 		mdb_buffer_dump(buf, row_start, table->map_sz);