Don’t panic on invalid object references.v0.1.2

author: Edward Barnard 2017-03-03 13:59:05 +0000
committer: Edward Barnard 2017-03-03 14:05:31 +0000
commit: f7c3d0d0875e1e3c2b2b317581416e5c389197dd (patch)
tree: f92183f3c837936280f752a3aa8f183b6baf3a14
parent: 62cae5d6ea74e2a9d95ed4b68a1b74b78f49d31e (diff)
download: rust-plist-0.1.2.tar.bz2
2 files changed, 7 insertions, 1 deletions
diff --git a/src/binary/reader.rs b/src/binary/reader.rs
index 600d3b3..474e69d 100644
--- a/src/binary/reader.rs
+++ b/src/binary/reader.rs
@@ -145,7 +145,7 @@ impl<R: Read + Seek> EventReader<R> {
 
     fn seek_to_object(&mut self, object_ref: u64) -> Result<u64> {
         let object_ref = try!(u64_to_usize(object_ref));
-        let offset = *&self.object_offsets[object_ref];
+        let offset = *self.object_offsets.get(object_ref).ok_or(Error::InvalidData)?;
         let pos = try!(self.reader.seek(SeekFrom::Start(offset)));
         Ok(pos)
     }
diff --git a/tests/fuzzer.rs b/tests/fuzzer.rs
index 701df5e..4d7b151 100644
--- a/tests/fuzzer.rs
+++ b/tests/fuzzer.rs
@@ -15,6 +15,12 @@ fn too_large_allocation_2() {
     test_fuzzer_data_err(data);
 }
 
+#[test]
+fn empty_offset_table() {
+    let data = b"bplist00;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00<)\x9fXTX(";
+    test_fuzzer_data_err(data);
+}
+
 fn test_fuzzer_data_err(data: &[u8]) {
     let cursor = Cursor::new(data);
     let res = Plist::read(cursor);
author	Edward Barnard	2017-03-03 13:59:05 +0000
committer	Edward Barnard	2017-03-03 14:05:31 +0000
commit	f7c3d0d0875e1e3c2b2b317581416e5c389197dd (patch)
tree	f92183f3c837936280f752a3aa8f183b6baf3a14
parent	62cae5d6ea74e2a9d95ed4b68a1b74b78f49d31e (diff)
download	rust-plist-0.1.2.tar.bz2