Andrew's git / gitweb.git / blobdiff
?
patch-delta: fix oob read
[gitweb.git] / patch-delta.c
diff --git a/patch-delta.c b/patch-delta.c
index 56e0a5ede22c9396fc897bf1d3444dce92d8916f..b937afd2c99c8ac40b2eaa37620a6942e46f8b4c 100644 (file)
--- a/patch-delta.c
+++ b/patch-delta.c
@@ -56,7 +56,7 @@ void *patch_delta(const void *src_buf, unsigned long src_size,
                        out += cp_size;
                        size -= cp_size;
                } else if (cmd) {
-                       if (cmd > size)
+                       if (cmd > size || cmd > top - data)
                                break;
                        memcpy(out, data, cmd);
                        out += cmd;