commit 6cf83e6acc490e33ba4d6792960b0f4f2bc8b674
from: Omar Polo <op@omarpolo.com>
via: Thomas Adam <thomas@xteddy.org>
date: Tue Oct 25 19:41:41 2022 UTC

add bounds check when reading a delta offset from a packed object

ok stsp@

commit - 30d415a5040946f62a5e9e8c6bf6ccf7f5509541
commit + 6cf83e6acc490e33ba4d6792960b0f4f2bc8b674
blob - 75fd869d94b8a9a4d3520526681e26e985525247
blob + 0feb1d0818c2aa4643d34ad02023d8423dcb3533
--- lib/pack_index.c
+++ lib/pack_index.c
@@ -312,6 +312,12 @@ read_packed_object(struct got_pack *pack, struct got_i
 			break;
 
 		if (pack->map) {
+			if (mapoff + obj->delta.ofs.base_offsetlen >=
+			    pack->filesize) {
+				err = got_error(GOT_ERR_BAD_PACKFILE);
+				break;
+			}
+
 			obj->crc = crc32(obj->crc, pack->map + mapoff,
 			    obj->delta.ofs.base_offsetlen);
 			SHA1Update(pack_sha1_ctx, pack->map + mapoff,