From ecc44b6a2f18ee70ac133365de0e509d26d5e168 Mon Sep 17 00:00:00 2001
From: pancake
Date: Sun, 24 Apr 2022 21:15:25 +0200
Subject: [PATCH] Fix oobread in java parser ##crash

* Reported by @bet4it via @huntrdev
* BountyID c8f4c2de-7d96-4ad4-857a-c099effca2d6
* Reproducer: bootstrap.class
---
 shlr/java/class.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/shlr/java/class.c b/shlr/java/class.c
index 80919af8ecbd5..a2c6747cf1851 100644
--- a/shlr/java/class.c
+++ b/shlr/java/class.c
@@ -6933,6 +6933,10 @@ R_API RBinJavaAttrInfo *r_bin_java_bootstrap_methods_attr_new(RBinJavaObj *bin,
 	offset += 6;
 	if (attr) {
 		attr->type = R_BIN_JAVA_ATTR_TYPE_BOOTSTRAP_METHODS_ATTR;
+		if (offset + 8 > sz) {
+			free (attr);
+			return NULL;
+		}
 		attr->info.bootstrap_methods_attr.num_bootstrap_methods = R_BIN_JAVA_USHORT (buffer, offset);
 		offset += 2;
 		attr->info.bootstrap_methods_attr.bootstrap_methods = r_list_newf (r_bin_java_bootstrap_method_free);
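Review bot: The new `if (offset + 8 > sz)` guard only bounds the fixed-size read that follows it (the 2-byte `num_bootstrap_methods` via `R_BIN_JAVA_USHORT`), while the per-method parsing that presumably follows the `r_list_newf` line, outside the hunk, reads `num_bootstrap_methods` variable-length entries that this check does not cover; each of those reads needs its own comparison against `sz`, otherwise a crafted count still walks past the end of `buffer`. The early exit uses plain `free (attr)` although `attr` was constructed before the hunk; if that constructor also allocates members (for example a name string or metadata record), `free` leaks them, and the attribute's own free routine should be called on this path instead. If `offset` and `sz` are unsigned 64-bit values, the sum can wrap for a large `offset`, so the safer spelling is `if (sz < 8 || offset > sz - 8) {`. The body of r_bin_java_bootstrap_methods_attr_new starts and ends outside the hunk.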