commit 5326bd73c63d9b453093bf46a5a514283348d0ec
from: Omar Polo
date: Mon Oct 24 21:29:59 2022 UTC
add bounds check when reading a delta offset from a packed object
ok stsp@
commit - 82031ac84c8cf40b9d7373d07cf94423b8a7bf22
commit + 5326bd73c63d9b453093bf46a5a514283348d0ec
blob - b1c742e556836c8ebe34fdc0737b73b17fa2a931
blob + 07b401c3fd8743bb46cd007e16800e79aaa387dc
--- lib/pack_index.c
+++ lib/pack_index.c
@@ -314,6 +314,12 @@ read_packed_object(struct got_pack *pack, struct got_i
 break;
 if (pack->map) {
+ if (mapoff + obj->delta.ofs.base_offsetlen >=
+ pack->filesize) {
+ err = got_error(GOT_ERR_BAD_PACKFILE);
+ break;
+ }
+
 obj->crc = crc32(obj->crc, pack->map + mapoff,
 obj->delta.ofs.base_offsetlen);
 SHA1Update(pack_sha1_ctx, pack->map + mapoff,
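Review bot: The new guard tests the sum `mapoff + obj->delta.ofs.base_offsetlen` against `pack->filesize`, and a sum built from values parsed out of the pack file can wrap before the comparison if the operands are unsigned. The operand types and any earlier validation of `mapoff` are not visible here, because read_packed_object starts and ends outside the hunk. A subtraction form gives the same result without depending on them: `if (mapoff >= pack->filesize || obj->delta.ofs.base_offsetlen >= pack->filesize - mapoff) {`. The `>=` also rejects a read that ends exactly at `filesize`, which is stricter than the mapping itself requires; if that is intentional (presumably because a valid pack always has trailing data after an object), a one-line comment such as `/* a delta offset can never be the last bytes of a pack file */` would record it.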