music: Check data size against actual file size.

[upkg.git] / src / engine / music.gob

diff --git a/src/engine/music.gob b/src/engine/music.gob
index b4ed7d2db1724a22027ae4abe37862c84986d36f..f0bde09f4ace15b4aa0c48225e245c03e13afa67 100644 (file)
--- a/src/engine/music.gob
+++ b/src/engine/music.gob
@@ -108,7 +108,6 @@ class Engine:Music from U:Object (dynamic)
        override (U:Object) int deserialize(U:Object *uo)
        {
                struct upkg_file *f = uo->pkg_file;
-               Self *self = SELF(uo);
                size_t rc, pos = 0, buflen;
                unsigned char buf[32];
                long size;
@@ -130,7 +129,7 @@ class Engine:Music from U:Object (dynamic)
                }
 
                rc = upkg_decode_index(&size, buf+pos, buflen-pos);
-               if (rc == 0 || size < 0)
+               if (rc == 0 || size < 0 || size > f->len - pos)
                        return -1;
                pos += rc;