From 0c070a35e5d8ec5dceae5e3f4f5a72e95a0e392d Mon Sep 17 00:00:00 2001
From: Alan Mishchenko <alanmi@berkeley.edu>
Date: Sun, 28 Sep 2014 12:17:02 -0700
Subject: Adding out-of-bounds checks to AIGER readers.

---
 src/aig/gia/giaAiger.c    | 2 +-
 src/base/io/ioReadAiger.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/aig/gia/giaAiger.c b/src/aig/gia/giaAiger.c
index 2f2cab2b..cbcaf856 100644
--- a/src/aig/gia/giaAiger.c
+++ b/src/aig/gia/giaAiger.c
@@ -369,7 +369,7 @@ Gia_Man_t * Gia_AigerReadFromMemory( char * pContents, int nFileSize, int fSkipS
 
     // read signal names if they are of the special type
     pCur = pSymbols;
-    if ( *pCur != 'c' )
+    if ( pCur < (unsigned char *)pContents + nFileSize && *pCur != 'c' )
     {
         int fBreakUsed = 0;
         unsigned char * pCurOld = pCur;
diff --git a/src/base/io/ioReadAiger.c b/src/base/io/ioReadAiger.c
index ab865326..1d9ca877 100644
--- a/src/base/io/ioReadAiger.c
+++ b/src/base/io/ioReadAiger.c
@@ -477,7 +477,7 @@ Abc_Ntk_t * Io_ReadAiger( char * pFileName, int fCheck )
  
     // read the names if present
     pCur = pSymbols;
-    if ( *pCur != 'c' )
+    if ( pCur < pContents + nFileSize && *pCur != 'c' )
     {
         int Counter = 0;
         while ( pCur < pContents + nFileSize && *pCur != 'c' )
-- 
cgit v1.2.3