From: Stefan Sperling Subject: Re: missing `goto done' in read_raw_delta_data To: Omar Polo Cc: gameoftrees@openbsd.org Date: Mon, 24 Oct 2022 22:18:24 +0200 On Mon, Oct 24, 2022 at 09:32:57PM +0200, Omar Polo wrote: > as per subject, otherwise we read out of bound. Whoops. Obvious fix, ok. > diff 88dec1791eeb2f779795789b119d5bf675c24b6a 0a8a9c8f2be324315ed3529bb48871c3bd0505b4 > commit - 88dec1791eeb2f779795789b119d5bf675c24b6a > commit + 0a8a9c8f2be324315ed3529bb48871c3bd0505b4 > blob - 5779ba728d64bd7ba33214a09f3f0a31c5caf882 > blob + becc8ffd68217466f0bad6d811196c0d7137e4df > --- lib/pack.c > +++ lib/pack.c > @@ -1781,8 +1781,10 @@ read_raw_delta_data(uint8_t **delta_buf, size_t *delta > goto done; > } > if (pack->map) { > - if (delta_data_offset >= pack->filesize) > + if (delta_data_offset >= pack->filesize) { > err = got_error(GOT_ERR_PACK_OFFSET); > + goto done; > + } > memcpy(*delta_buf, pack->map + delta_data_offset, > *delta_len_compressed); > } else { > > >
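Review bot: the check in the pack->map branch only validates the start offset (delta_data_offset >= pack->filesize); the memcpy right after it still copies *delta_len_compressed bytes from pack->map + delta_data_offset, so a copy that starts inside the map can run past its end unless that length is validated earlier, outside the visible context. If it is not, also fail with GOT_ERR_PACK_OFFSET when *delta_len_compressed > pack->filesize - delta_data_offset. Written as a subtraction after the offset check, the comparison cannot wrap.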