From e8f89fa0cea8907012251ddb083c7f402329ec6f Mon Sep 17 00:00:00 2001
From: Ann Priestman <apriestman@basistech.com>
Date: Wed, 17 Jan 2018 13:07:22 -0500
Subject: [PATCH] Check that there is room in the buffer for hfs_extents

---
 tsk/fs/hfs.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tsk/fs/hfs.c b/tsk/fs/hfs.c
index 2ba5d995e..d9825a84b 100644
--- a/tsk/fs/hfs.c
+++ b/tsk/fs/hfs.c
@@ -742,8 +742,9 @@ hfs_ext_find_extent_record_attr(HFS_INFO * hfs, uint32_t cnid,
                 }
 
                 // OK, this is one of the extents records that we are seeking, so save it.
+                // Make sure there is room for the hfs_extents struct
                 keylen = 2 + tsk_getu16(fs->endian, key->key_len);
-                if (rec_off + keylen > nodesize) {
+                if (rec_off + keylen + sizeof(hfs_extents) > nodesize) {
                     tsk_error_set_errno(TSK_ERR_FS_GENFS);
                     tsk_error_set_errstr
                         ("hfs_ext_find_extent_record_attr: offset and keylenth of record %d in leaf node %d too large (%d vs %"
-- 
GitLab