Browse code
fuzz - 12513 - fixing aspack single byte heap overread
Mickey Sola authored on 2019/01/19 04:46:50Showing 1 changed files
| ... | ... |
@@ -395,7 +395,9 @@ int unaspack(uint8_t *image, unsigned int size, struct cli_exe_section *sections |
| 395 | 395 |
|
| 396 | 396 |
for (i = 0; i < 58; i++) {
|
| 397 | 397 |
stream.init_array[i] = j; |
| 398 |
- j += ( 1 << image[ep+i+stream_init_multiplier_offset]); /* boundchecked in pe.c */ |
|
| 398 |
+ if (ep + i + stream_init_multiplier_offset < size) {
|
|
| 399 |
+ j += (1 << image[ep + i + stream_init_multiplier_offset]); |
|
| 400 |
+ } |
|
| 399 | 401 |
} |
| 400 | 402 |
|
| 401 | 403 |
memset(stream.array1,0,sizeof(stream.array1)); |