From 716095714d159077258bcb8822e377e32b01e50d Mon Sep 17 00:00:00 2001
From: esaunders
Date: Tue, 3 Dec 2019 15:12:47 -0500
Subject: [PATCH] Check avaalable allocated space before attempting to case to a hfs_btree_key_ext.
---
 tsk/fs/hfs.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/tsk/fs/hfs.c b/tsk/fs/hfs.c
index 8c268a53e..2c82bb971 100755
--- a/tsk/fs/hfs.c
+++ b/tsk/fs/hfs.c
@@ -697,6 +697,18 @@ hfs_ext_find_extent_record_attr(HFS_INFO * hfs, uint32_t cnid,
 free(node);
 return 1;
 }
+
+ // Check that the whole hfs_btree_key_ext structure is set
+ if (sizeof(hfs_btree_key_ext) > nodesize - rec_off) {
+ tsk_error_set_errno(TSK_ERR_FS_GENFS);
+ tsk_error_set_errstr
+ ("hfs_ext_find_extent_record_attr: record %d in leaf node %d truncated (have %d vs %"
+ PRIu16 " bytes)", rec, cur_node, nodesize - (int)rec_off,
+ sizeof(hfs_btree_key_ext));
+ free(node);
+ return 1;
+ }
+

 key = (hfs_btree_key_ext *) & node[rec_off];

 if (tsk_verbose)
-- 
2.27.0
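Review bot: The error message in the added block passes `sizeof(hfs_btree_key_ext)`, a `size_t`, to a `%" PRIu16 "` conversion, which is a type mismatch in a variadic call and undefined behaviour on exactly the path a truncated or malformed HFS image takes; use `%zu`, or cast the argument, e.g. `(unsigned) sizeof(hfs_btree_key_ext)` with `%u`. The bound itself, `sizeof(hfs_btree_key_ext) > nodesize - rec_off`, is only sound if `rec_off <= nodesize` already holds: the `(int)rec_off` cast suggests rec_off is an unsigned type, in which case a larger value would wrap the subtraction and pass the check. The guard whose tail (`free(node); return 1; }`) opens the hunk presumably establishes that, but its condition is outside the hunk and should be confirmed, or the test made self-contained as `if (rec_off > nodesize || sizeof(hfs_btree_key_ext) > nodesize - rec_off) {`. The comment would also read more accurately as `// Check that the whole hfs_btree_key_ext structure fits inside the node buffer`. The enclosing function starts and ends outside the hunk.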