lsm/mdbtools
1
0
Fork 0
mirror of https://github.com/mdbtools/mdbtools.git synced 2026-02-25 21:26:41 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Improved bounds checking (fixes oss-fuzz/29328)

Browse Source
This commit is contained in:
Evan Miller
2021-01-07 18:46:07 -05:00
parent 9e883cb100
commit 9b5e591905
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/libmdb/write.c
View File

@@ -139,6 +139,9 @@ mdb_crack_row3(MdbHandle *mdb, unsigned int row_start, unsigned int row_end,
if (bitmask_sz + num_jumps + 1 > row_end) if (bitmask_sz + num_jumps + 1 > row_end)
return 0; return 0;
if (col_ptr >= mdb->fmt->pg_size || col_ptr < row_var_cols)
return 0;
jumps_used = 0; jumps_used = 0;
for (i=0; i<row_var_cols+1; i++) { for (i=0; i<row_var_cols+1; i++) {
while ((jumps_used < num_jumps) while ((jumps_used < num_jumps)