override (U:Object) int deserialize(U:Object *uo)
{
struct upkg_file *f = uo->pkg_file;
- Self *self = SELF(uo);
- size_t rc, pos, buflen;
+ size_t rc, pos = 0, buflen;
unsigned char buf[32];
long size;
return -1;
pos += 1;
- if (uo->pkg->version > 61) {
+ if (f->pkg->version > 61) {
/* Unknown field #2 */
if (buflen - pos < 4)
return -1;
}
rc = upkg_decode_index(&size, buf+pos, buflen-pos);
- if (rc == 0 || size < 0)
+ if (rc == 0 || size < 0 || size > f->len - pos)
return -1;
pos += rc;
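Review bot: The new upper bound on `size` is tested against `f->len - pos` before `pos += rc` runs, so a decoded size can still exceed the data left after the index by up to `rc` bytes. Bounding it against what remains once the index is consumed closes that gap: either advance `pos` first and then test `if (size > f->len - pos) return -1;`, or write the condition as `size > f->len - pos - rc`. The comparison also mixes `long size` with `size_t pos`. The earlier `size < 0` test keeps that conversion safe, but the subtraction presumably wraps if `f->len` is unsigned and smaller than `pos`; this cannot be confirmed here because the declaration of `len` and the read that fills `buf` are not shown. A short comment stating that `pos` is an offset into the object's data as well as into `buf` would make the intent of the check clear. The body of `deserialize` continues outside the hunk.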