Skip to content

Fix out-of-bounds read in serialno matching logic

We very carefully ensured _cur_link + 1 was in bounds, and then dereferenced nlinks + 1 (guaranteed to be out of bounds) instead. Introduced in commit f83675eb.

Thanks to the Google Autfuzz project for the report.

Fixes #2326

Edited by Timothy B. Terriberry

Merge request reports

Loading