bb11601 - check array boundaries in unrarvm rarvm_getbits().
Steven Morgan committed Jul 13, 2016
1 parent 64f9b9b commit da520c3
Showing 1 changed file with 8 additions and 5 deletions.
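--- a/libclamunrar/unrarvm.c
+++ b/libclamunrar/unrarvm.c
@@ -215,12 +215,15 @@ unsigned int rarvm_getbits(rarvm_input_t *rarvm_input)
 {
 unsigned int bit_field;
 
-bit_field = (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr] << 16;
-bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+1] << 8;
-bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+2];
-bit_field >>= (8-rarvm_input->in_bit);
+if (rarvm_input->in_addr+2 < rarvm_input->buf_size) {
+bit_field = (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr] << 16;
+bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+1] << 8;
+bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+2];
+bit_field >>= (8-rarvm_input->in_bit);
 
-return (bit_field & 0xffff);
+return (bit_field & 0xffff);
+}
+return 0;
 }
 
 unsigned int rarvm_read_data(rarvm_input_t *rarvm_input)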
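Review bot: The new guard `rarvm_input->in_addr+2 < rarvm_input->buf_size` in rarvm_getbits() is only sound if `in_addr` can never be negative and `in_addr+2` cannot wrap; the field types of `rarvm_input_t` are not visible in this hunk, so that needs confirming. If `in_addr` is a signed int, a negative value still satisfies the comparison and the three `in_buf[...]` reads land before the start of the buffer. A form that holds for either signedness is `if (rarvm_input->in_addr >= 0 && rarvm_input->buf_size >= 3 && rarvm_input->in_addr <= rarvm_input->buf_size - 3) {`. The fallback `return 0;` cannot be told apart from sixteen genuine zero bits, so it deserves a comment such as `/* fewer than 3 bytes left in in_buf: return zero bits instead of reading past the end */`.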