This allows us to read ULEB128 encoded values close to the end of a buffer.
This change fixes a heap-buffer-overflow in load_encoded_method(), found by fuzzing. In that method, the fits_in_dex() check is not sufficient, as each uint32_t can occupy up to 5 bytes in ULEB128 encoding.
I did not replace all uses of read_uleb128() in dex.c, but follow-up changes should probably do that.
This allows us to read ULEB128 encoded values close to the end of a buffer.
This change fixes a heap-buffer-overflow in
load_encoded_method(), found by fuzzing. In that method, thefits_in_dex()check is not sufficient, as eachuint32_tcan occupy up to 5 bytes in ULEB128 encoding.I did not replace all uses of
read_uleb128()index.c, but follow-up changes should probably do that.