From cef807d09181ed4df138792bad2568f021dff83c Mon Sep 17 00:00:00 2001
From: Joachim Metz <joachim.metz@gmail.com>
Date: Tue, 17 Dec 2013 22:03:56 +0100
Subject: [PATCH] Fix for segfault in img_io when underlying img info object
 returns false information.

---
 tsk/img/img_io.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/tsk/img/img_io.c b/tsk/img/img_io.c
index 6d552b7be..69d305053 100644
--- a/tsk/img/img_io.c
+++ b/tsk/img/img_io.c
@@ -208,16 +208,18 @@ tsk_img_read(TSK_IMG_INFO * a_img_info, TSK_OFF_T a_off,
             // Determine the offset relative to the start of the cached data.
             a_rel_off = a_off - a_img_info->cache_off[cache_next];
 
+            // Make sure we were able to read sufficient data into the cache.
+            if(rel_off > (TSK_OFF_T) read_count) {
+                len2 = 0;
+            }
             // Make sure not to copy more than is available in the cache.
-            if( ( a_rel_off + (TSK_OFF_T) len2 ) > (TSK_OFF_T) read_count ) {
-                len2 = (size_t) ( read_count - a_rel_off );
+            else if ((rel_off + (TSK_OFF_T) len2) > (TSK_OFF_T) read_count) {
+                len2 = (size_t) (read_count - rel_off);
+            }
+            // Only copy data when we have something to copy.
+            if(len2 > 0) {
+                memcpy(a_buf, &(a_img_info->cache[cache_next][rel_off]), len2);
             }
-
-            memcpy(
-             a_buf,
-             &( a_img_info->cache[ cache_next ][ a_rel_off ] ),
-             len2 );
-
             read_count = (ssize_t) len2;
         }
         else {
-- 
GitLab