X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=parsers.c;h=3197c4ff6644c77e7d9c89a78a9b13e29f06da01;hp=999c715e3d041adbe27c19b0d51ea9d22270dc0c;hb=0ef5eb878212dd921cf08f842215db04506854af;hpb=ebf8e996becaa6488e2d1e6073db0d3da5971beb

diff --git a/parsers.c b/parsers.c
index 999c715e..3197c4ff 100644
--- a/parsers.c
+++ b/parsers.c
@@ -608,6 +608,14 @@ jb_err decompress_iob(struct client_state *csp)
              * XXX: this code is untested and should probably be removed.
              */
             int skip_bytes;
+
+            if (cur + 2 >= csp->iob->eod)
+            {
+               log_error(LOG_LEVEL_ERROR,
+                  "gzip extra field flag set but insufficient data available.");
+               return JB_ERR_COMPRESS;
+            }
+
             skip_bytes = *cur++;
             skip_bytes += (unsigned char)*cur++ << 8;