From 7a25a5242794386aa21756240ef3e01c1b68fe33 Mon Sep 17 00:00:00 2001
From: yeggor <vasilenko.yegor@gmail.com>
Date: Fri, 17 Mar 2023 02:19:32 +0400
Subject: [PATCH] Fix OOB access with volume.mid(headerSize)

---
 common/ffsparser.cpp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/common/ffsparser.cpp b/common/ffsparser.cpp
index d5c6e73..8bfb91c 100644
--- a/common/ffsparser.cpp
+++ b/common/ffsparser.cpp
@@ -1135,6 +1135,9 @@ USTATUS FfsParser::parseVolumeHeader(const UByteArray & volume, const UINT32 loc
         msgInvalidChecksum = true;
     
     // Get info
+    if (headerSize >= volume.size()) {
+        return U_INVALID_VOLUME;
+    }
     UByteArray header = volume.left(headerSize);
     UByteArray body = volume.mid(headerSize);
     UString name = guidToUString(volumeHeader->FileSystemGuid);