music: Check data size against actual file size.

[upkg.git] / src / engine / music.gob

diff --git a/src/engine/music.gob b/src/engine/music.gob
index 3d1abdb19d0d444aa2a002969e6e730b81fa54f8..f0bde09f4ace15b4aa0c48225e245c03e13afa67 100644 (file)
--- a/src/engine/music.gob
+++ b/src/engine/music.gob
@@ -108,7 +108,6 @@ class Engine:Music from U:Object (dynamic)
        override (U:Object) int deserialize(U:Object *uo)
        {
                struct upkg_file *f = uo->pkg_file;
-               Self *self = SELF(uo);
                size_t rc, pos = 0, buflen;
                unsigned char buf[32];
                long size;
@@ -122,7 +121,7 @@ class Engine:Music from U:Object (dynamic)
                        return -1;
                pos += 1;
 
-               if (uo->pkg->version > 61) {
+               if (f->pkg->version > 61) {
                        /* Unknown field #2 */
                        if (buflen - pos < 4)
                                return -1;
@@ -130,7 +129,7 @@ class Engine:Music from U:Object (dynamic)
                }
 
                rc = upkg_decode_index(&size, buf+pos, buflen-pos);
-               if (rc == 0 || size < 0)
+               if (rc == 0 || size < 0 || size > f->len - pos)
                        return -1;
                pos += rc;