music: Check data size against actual file size.

[upkg.git] / src / engine / music.gob

diff --git a/src/engine/music.gob b/src/engine/music.gob
index 879e0adbbf0c66f6cf8d61b516b6f48e59420bd3..f0bde09f4ace15b4aa0c48225e245c03e13afa67 100644 (file)
--- a/src/engine/music.gob
+++ b/src/engine/music.gob
@@ -108,8 +108,7 @@ class Engine:Music from U:Object (dynamic)
        override (U:Object) int deserialize(U:Object *uo)
        {
                struct upkg_file *f = uo->pkg_file;
-               Self *self = SELF(uo);
-               size_t rc, pos, buflen;
+               size_t rc, pos = 0, buflen;
                unsigned char buf[32];
                long size;
 
@@ -122,7 +121,7 @@ class Engine:Music from U:Object (dynamic)
                        return -1;
                pos += 1;
 
-               if (uo->pkg->version > 61) {
+               if (f->pkg->version > 61) {
                        /* Unknown field #2 */
                        if (buflen - pos < 4)
                                return -1;
@@ -130,7 +129,7 @@ class Engine:Music from U:Object (dynamic)
                }
 
                rc = upkg_decode_index(&size, buf+pos, buflen-pos);
-               if (rc == 0 || size < 0)
+               if (rc == 0 || size < 0 || size > f->len - pos)
                        return -1;
                pos += rc;