From f9e8cbc0a3031d86381367cada852578231ce0e7 Mon Sep 17 00:00:00 2001
From: esaunders <esaunders@basistech.com>
Date: Wed, 4 Dec 2019 11:20:20 -0500
Subject: [PATCH] Fix for heap OOB memory read issue 1076.

---
 tsk/fs/hfs.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/tsk/fs/hfs.c b/tsk/fs/hfs.c
index 8c268a53e..8f6d98bd8 100755
--- a/tsk/fs/hfs.c
+++ b/tsk/fs/hfs.c
@@ -1058,6 +1058,16 @@ hfs_cat_traverse(HFS_INFO * hfs,
                     free(node);
                     return 1;
                 }
+
+                if (sizeof(hfs_btree_key_cat) > nodesize - rec_off) {
+                    tsk_error_set_errno(TSK_ERR_FS_GENFS);
+                    tsk_error_set_errstr
+                    ("hfs_cat_traverse: record %d in leaf node %d truncated",
+                        rec, cur_node);
+                    free(node);
+                    return 1;
+                }
+
                 key = (hfs_btree_key_cat *) & node[rec_off];
 
                 keylen = 2 + tsk_getu16(hfs->fs_info.endian, key->key_len);
-- 
GitLab