# HG changeset patch
# User Carl Byington
# Date 1388162561 28800
# Node ID c638905665bc19ad9cc119836451b0c061c0caae
# Parent 0f31852173135de8f517097cd8925ea58550956a
Daniel Gryniewicz found buffer overrun in LIST_COPY_TIME
diff -r 0f3185217313 -r c638905665bc src/libpst.c
--- a/src/libpst.c Fri Dec 27 08:27:47 2013 -0800
+++ b/src/libpst.c Fri Dec 27 08:42:41 2013 -0800
@@ -2064,13 +2064,14 @@
 // malloc space and copy the item filetime
 #define LIST_COPY_TIME(label, targ) { \
- if (list->elements[x]->type != 0x40) { \
- DEBUG_WARN(("src not 0x40 for filetime dst\n")); \
+ if ((list->elements[x]->type != 0x40) || \
+ (list->elements[x]->size != sizeof(FILETIME)) { \
+ DEBUG_WARN(("src not 0x40 or wrong length for filetime dst\n")); \
 DEBUG_HEXDUMP(list->elements[x]->data, list->elements[x]->size); \
 } \
 else { \
 targ = (FILETIME*) pst_realloc(targ, sizeof(FILETIME)); \
- memcpy(targ, list->elements[x]->data, min(sizeof(FILETIME), list->elements[x]->size)); \
+ memcpy(targ, list->elements[x]->data, sizeof(FILETIME)); \
 LE32_CPU(targ->dwLowDateTime); \
 LE32_CPU(targ->dwHighDateTime); \
 DEBUG_INFO((label" - %s", pst_fileTimeToAscii(targ, time_buffer))); \
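Review bot: The rewritten `if` condition is missing its closing parenthesis: the second added line ends `sizeof(FILETIME)) { \`, which closes `sizeof(...)` and the size comparison but not the `if (` opened on the line before, so every expansion of LIST_COPY_TIME should fail to compile. It should read `(list->elements[x]->size != sizeof(FILETIME))) { \`. With that fixed, requiring an exact size match before the fixed-length `memcpy` is the right guard for an element size that comes from the parsed PST file. On the reject path `targ` is left as it was, so callers presumably have to tolerate an unset timestamp; that is worth a one-line comment on the macro. The macro body continues past the end of the hunk.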