a typo and FIXME

diff --git a/lib/buck2obj.c b/lib/buck2obj.c
index c50c80bd5bd3499b587418b572f19003ec421c14..b87326bba3f18653eb2b45cf41a9d6c365309a9b 100644 (file)
--- a/lib/buck2obj.c
+++ b/lib/buck2obj.c
@@ -132,7 +132,8 @@ obj_read_bucket(struct buck2obj_buf *buf, struct mempool *pool, uns buck_type, u
     }
     if (buck_type == BUCKET_TYPE_V33_LIZARD)           // decompression
     {
-      /* FIXME: Add checks for len<4 and other format violations */
+      if (ptr + 4 > end)
+       RET_ERR(EINVAL);
       len = GET_U32(ptr);
       ptr += 4;
       byte *new_ptr = lizard_decompress_safe(ptr, buf->lizard, len);

diff --git a/lib/buck2obj.h b/lib/buck2obj.h
index c1c806586ef7897f6eb58ebcc01192f2d98308f0..4a12ea61a219e058c894a2a89c0636f604022d27 100644 (file)
--- a/lib/buck2obj.h
+++ b/lib/buck2obj.h
@@ -12,7 +12,7 @@ void buck2obj_free(struct buck2obj_buf *buf);
 struct odes *obj_read_bucket(struct buck2obj_buf *buf, struct mempool *pool, uns buck_type, uns buck_len, struct fastbuf *body, uns *body_start);
   /* If body_start != NULL, then only the header is parsed and *body_start is
    * set to the position of the body. This function does a plenty of optimizations
-   * and if the body fastbuf is overwritable (body->can_overwrite), it can keep the
+   * and if the body fastbuf is overwritable (body->can_overwrite_buffer), it can keep the
    * attribute values stored on their original locations in the fastbuf's buffer.
    * However, no such things are performed when reading the header only.
    */