Commit bc8f0d7d authored by Petri Hintukainen's avatar Petri Hintukainen

decode_logical_volume(): fix OOB read (corrupt input)

parent 09dcebc2
...@@ -150,6 +150,11 @@ void decode_logical_volume(const uint8_t *p, struct logical_volume_descriptor *l ...@@ -150,6 +150,11 @@ void decode_logical_volume(const uint8_t *p, struct logical_volume_descriptor *l
map_size = sizeof(lvd->partition_map_table); map_size = sizeof(lvd->partition_map_table);
} }
/* input size is one block (2048 bytes) */
if (map_size > 2048 - 440) {
map_size = 2048 - 440;
}
memcpy(lvd->partition_map_table, p + 440, map_size); memcpy(lvd->partition_map_table, p + 440, map_size);
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment