From 4ddf7c020c3db2f001987ec2c2a91a030a01377d Mon Sep 17 00:00:00 2001
From: David Gibson <dgibson@sneetch.(none)>
Date: Fri, 19 Aug 2005 16:11:11 +1000
Subject: [PATCH] In flat tree reading, check for (negative) string offsets
 which underrun the input blob. (Patch from Michael Ellerman).

---
 flattree.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/flattree.c b/flattree.c
index 7746227..901d1e2 100644
--- a/flattree.c
+++ b/flattree.c
@@ -547,7 +547,7 @@ static char *flat_read_stringtable(struct inbuf *inb, int offset)
 
 	p = inb->base + offset;
 	while (1) {
-		if (p >= inb->limit)
+		if (p >= inb->limit || p < inb->base)
 			die("String offset %d overruns string table\n",
 			    offset);