From 05a23117ac892479d35020c24b2f4577a76e63d2 Mon Sep 17 00:00:00 2001
From: Harish <53053648+HarishCoder-Linux@users.noreply.github.com>
Date: Mon, 9 Jun 2025 21:27:09 +0100
Subject: [PATCH] fix: skip trailing padding in HII database parsing

Add a guard in `get_package_lists()` to detect and skip trailing padding bytes (e.g., 0x00 or 0xFF) in the HII database blob. This prevents crashes caused by attempting to parse padding as a valid package list, which resulted in subtraction overflows. Also ensures graceful exit if the remaining data is too short to form a valid package list header.
---
 src/lib/hii/package.rs | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/src/lib/hii/package.rs b/src/lib/hii/package.rs
index 2bd28b1..f30507b 100644
--- a/src/lib/hii/package.rs
+++ b/src/lib/hii/package.rs
@@ -16,6 +16,7 @@ use std::fmt;
 use std::fs;
 use std::io::Seek;
 use std::rc::Rc;
+use std::io::Read;

 use anyhow::Context;
 use anyhow::Result;
@@ -93,6 +94,25 @@ fn get_package_lists(source: &[u8]) -> Result> {
 .context("failed to find current position of db_cursor")?;

 while used_bytes < db_size {
+ // Stop parsing if fewer than 20 bytes remain — not enough for a package list header.
+ // Also handle trailing padding (all 0x00 or 0xFF), which isn't a valid package list.
+ let remaining = (db_size - used_bytes) as usize;
+
+ if remaining < 20 {
+ debug!("Less than 20 bytes remaining, stopping parse.");
+ break;
+ }
+
+ let mut header_buf = [0u8; 20];
+ db_cursor.read_exact(&mut header_buf)?;
+ db_cursor.seek(SeekFrom::Current(-20))?; // rewind
+
+ let looks_like_padding = header_buf.iter().all(|&b| b == 0x00 || b == 0xFF);
+ if looks_like_padding {
+ debug!("Padding detected at offset {}, stopping parse.", used_bytes);
+ break;
+ }
+
 let package_list: PackageList = match db_cursor.read_ne() {
 Err(why) => {
 error!("Can't parse more package lists: {}", why);
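Review bot: The second hunk calls `SeekFrom::Current(-20)`, but this import hunk adds only `Read`, and no `SeekFrom` import is visible in the context lines around `use std::io::Seek;`; unless it is imported outside the hunk, the build also needs `use std::io::SeekFrom;`. The new `use std::io::Read;` is placed after `use std::rc::Rc;`, which breaks the alphabetical order the neighbouring imports follow; it belongs just before `use std::io::Seek;`.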
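Review bot: The padding test added before `db_cursor.read_ne()` filters one byte pattern rather than validating the header, so a 20-byte header that is not all 0x00/0xFF but carries a length smaller than the header would presumably still reach the subtraction that overflowed; that subtraction is outside this hunk, as are the start and end of `get_package_lists`. Since the HII blob comes from firmware and should be treated as untrusted input, the durable fix is to bounds-check the parsed length against both the header size and `remaining` (a `checked_sub` with an error return) at the point where it is consumed. Within the hunk, the predicate also accepts a mix of 0x00 and 0xFF bytes, which does not match the comment above it; `let looks_like_padding = header_buf.iter().all(|&b| b == 0x00) || header_buf.iter().all(|&b| b == 0xFF);` would. The new `read_exact` and `seek` calls use a bare `?` where the surrounding code attaches `.context(...)`, and the literal 20 appears three times in code where one named constant would do.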