From: Martin Koegler <martin.koegler@xxxxxxxxx>
Signed-off-by: Martin Koegler <martin.koegler@xxxxxxxxx>
---
Applies on top of my size_t series I'm not sure, if die or error is better.
 delta.h | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/delta.h b/delta.h
index 2df0f55..18a4983 100644
--- a/delta.h
+++ b/delta.h
@@ -96,6 +96,11 @@ static inline size_t get_delta_hdr_size(const unsigned char **datap,
 cmd = *data++;
 size |= (cmd & 0x7f) << i;
 i += 7;
+ if (bitsizeof(size_t) <= i) {
+ error("too large object size");
+ size = 0;
+ break;
+ }
 } while (cmd & 0x80 && data < top);
 *datap = data;
 return size;
-- 
2.1.4
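Review bot: The new check runs after `i += 7` for every byte, including the last one, so a header whose final 7-bit group starts below the width of size_t but extends past it is reported as too large even when the decoded value fits; with a 32-bit size_t that would be every size of 2^28 or more, since the fifth byte leaves `i` at 35. Testing the group before it is merged avoids that: move the check above `size |= (cmd & 0x7f) << i;` and write it as `if (bitsizeof(size_t) <= i || ((cmd & 0x7f) << i) >> i != (cmd & 0x7f)) {`, which rejects only groups that would lose bits. This presumes `cmd` is as wide as size_t; its declaration, like the start of get_delta_hdr_size, is outside the hunk, and if it is narrower the shift itself is undefined once `i` reaches that type's width. A short comment such as `/* reject headers that do not fit in size_t */` above the check would also help the next reader.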