aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/binary/reader.rs2
-rw-r--r--tests/fuzzer.rs6
2 files changed, 7 insertions, 1 deletions
diff --git a/src/binary/reader.rs b/src/binary/reader.rs
index 600d3b3..474e69d 100644
--- a/src/binary/reader.rs
+++ b/src/binary/reader.rs
@@ -145,7 +145,7 @@ impl<R: Read + Seek> EventReader<R> {
fn seek_to_object(&mut self, object_ref: u64) -> Result<u64> {
let object_ref = try!(u64_to_usize(object_ref));
- let offset = *&self.object_offsets[object_ref];
+ let offset = *self.object_offsets.get(object_ref).ok_or(Error::InvalidData)?;
let pos = try!(self.reader.seek(SeekFrom::Start(offset)));
Ok(pos)
}
diff --git a/tests/fuzzer.rs b/tests/fuzzer.rs
index 701df5e..4d7b151 100644
--- a/tests/fuzzer.rs
+++ b/tests/fuzzer.rs
@@ -15,6 +15,12 @@ fn too_large_allocation_2() {
test_fuzzer_data_err(data);
}
+#[test]
+fn empty_offset_table() {
+ let data = b"bplist00;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00<)\x9fXTX(";
+ test_fuzzer_data_err(data);
+}
+
fn test_fuzzer_data_err(data: &[u8]) {
let cursor = Cursor::new(data);
let res = Plist::read(cursor);
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-31 22:10:49 +0000