From 1c0ed3ab1dcae9a45b1a95962e37d4736cb9fae3 Mon Sep 17 00:00:00 2001
From: Richard Hughes <richard@hughsie.com>
Date: Sun, 14 Mar 2021 08:57:21 +0000
Subject: [PATCH] srec: Detect overflow to avoid adding ~4GB of 0xFF padding

Fixes https://oss-fuzz.com/testcase-detail/5468114109202432
---
 libfwupdplugin/fu-srec-firmware.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/libfwupdplugin/fu-srec-firmware.c b/libfwupdplugin/fu-srec-firmware.c
index 1e4bf9640..29210c723 100644
--- a/libfwupdplugin/fu-srec-firmware.c
+++ b/libfwupdplugin/fu-srec-firmware.c
@@ -379,6 +379,14 @@ fu_srec_firmware_parse (FuFirmware *firmware,
 				if (img_address == 0x0)
 					img_address = rcd->addr;
 				addr32_last = rcd->addr + rcd->buf->len;
+				if (addr32_last < rcd->addr) {
+					g_set_error (error,
+						     FWUPD_ERROR,
+						     FWUPD_ERROR_INVALID_FILE,
+						     "overflow from address 0x%x at line %u",
+						     (guint) rcd->addr, rcd->ln);
+					return FALSE;
+				}
 			}
 			data_cnt++;
 		}