From: Robert Luberda <robert@debian.org>
Date: Sun, 15 May 2016 11:15:06 +0200
Subject: CVE-2016-2335
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Patch for the out-of-bounds read vulnerability in the UDF handler
(CVE-2016-2335), as posted by İsmail Dönmez to
https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/#1dba
---
 CPP/7zip/Archive/Udf/UdfIn.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/CPP/7zip/Archive/Udf/UdfIn.cpp b/CPP/7zip/Archive/Udf/UdfIn.cpp
index a051a27..5f2acb0 100644
--- CPP/7zip/Archive/Udf/UdfIn.cpp
+++ CPP/7zip/Archive/Udf/UdfIn.cpp
@@ -389,7 +389,11 @@ HRESULT CInArchive::ReadFileItem(int volIndex, int fsIndex, const CLongAllocDesc
     return S_FALSE;
   CFile &file = Files.Back();
   const CLogVol &vol = LogVols[volIndex];
-  CPartition &partition = Partitions[vol.PartitionMaps[lad.Location.PartitionRef].PartitionIndex];
+  unsigned partitionRef = lad.Location.PartitionRef;
+
+  if (partitionRef >= vol.PartitionMaps.Size())
+  	return S_FALSE;
+  CPartition &partition = Partitions[vol.PartitionMaps[partitionRef].PartitionIndex];
 
   UInt32 key = lad.Location.Pos;
   UInt32 value;
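Review bot: `PartitionIndex` is still used unchecked as an index into `Partitions` on the line that binds `partition`; the added guard only bounds `partitionRef` against `vol.PartitionMaps.Size()`. If that field is not validated where the partition maps are parsed (not visible in this hunk), a malformed image could still cause an out-of-range read one level further in. A second guard before taking the reference would cover it: `if (vol.PartitionMaps[partitionRef].PartitionIndex >= Partitions.Size()) return S_FALSE;`. As a style point, the added `return S_FALSE;` line is indented with a tab while the surrounding lines use spaces. ReadFileItem's body starts and ends outside the hunk, so any earlier validation of `volIndex` or `PartitionIndex` cannot be confirmed from here.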
