Merge "bspatch_fuzzer: guard againts integer overflow with bad patch"
diff --git a/bspatch.cc b/bspatch.cc
index d552dcf..d7f1710 100644
--- a/bspatch.cc
+++ b/bspatch.cc
@@ -34,6 +34,7 @@
#include <fcntl.h>
#include <inttypes.h>
#include <stdio.h>
+#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
@@ -329,6 +330,8 @@
// Adjust pointers.
newpos += control_entry.diff_size;
+ if (oldpos > INT64_MAX - static_cast<int64_t>(control_entry.diff_size))
+ return 2;
oldpos += control_entry.diff_size;
if (oldpos > static_cast<int64_t>(old_file_size)) {
@@ -358,6 +361,9 @@
// Adjust pointers.
newpos += control_entry.extra_size;
+ if (control_entry.offset_increment > 0 &&
+ oldpos > INT64_MAX - control_entry.offset_increment)
+ return 2;
oldpos += control_entry.offset_increment;
}