repo_apkv3: improve blob length check

mlschroe · mlschroe · commit c8264f9eb481 · 2025-08-05T11:14:27.000+02:00
diff --git a/ext/repo_apkv3.c b/ext/repo_apkv3.c
@@ -54,7 +54,7 @@ adb_blob(const unsigned char *adb, size_t adblen, unsigned int v, size_t *bloblp
       blobl |= adb[v++] << 16;
       blobl |= adb[v++] << 24;
     }
-  if (v + blobl > adblen)
+  if (blobl > adblen || v + blobl > adblen)
     return 0;
   *bloblp = blobl;
   return adb + v;

Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,7 @@ adb_blob(const unsigned char adb, size_t adblen, unsigned int v, size_t bloblp`
`54`	`54`	`blobl \|= adb[v++] << 16;`
`55`	`55`	`blobl \|= adb[v++] << 24;`
`56`	`56`	`}`
`57`		`- if (v + blobl > adblen)`
	`57`	`+ if (blobl > adblen \|\| v + blobl > adblen)`
`58`	`58`	`return 0;`
`59`	`59`	`*bloblp = blobl;`
`60`	`60`	`return adb + v;`