Out of bounds read in HFS+ module
Regarding sleuthkit 4.1.3:
hfs_UTF16toUTF8() in hfs_dent.c is used to translate a name.length-long name.unicode into an ASCII name.name. When called from hfs_dir_open_meta_cb(), name.length is not sanity-checked, so a length around 65535 will result in a read overflow of name.unicode.
To reproduce, uncompress the attached image and run "fls segv" or "icat segv 17".
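
An added example, not part of the original report and not sleuthkit's code or its fix: a bounds check on an on-disk name length before any conversion reads the UTF-16 data. The function names, the `rec`/`avail` parameters and the sample records are assumptions; the 255-unit limit is the HFSUniStr255 maximum from Apple TN1150.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* HFSUniStr255 (Apple TN1150): 16-bit big-endian length, then up to 255 UTF-16BE units. */
#define MAX_NAME_UNITS 255u

/* Hypothetical helper, not sleuthkit code. `rec` points at the length field;
 * `avail` is how many bytes of the record remain from that point.
 * Returns the validated unit count, or -1 if the on-disk length cannot be trusted. */
int checked_name_units(const uint8_t *rec, size_t avail)
{
    if (rec == NULL || avail < 2)
        return -1;
    unsigned units = ((unsigned)rec[0] << 8) | rec[1];
    if (units > MAX_NAME_UNITS)            /* a length of 65535 is rejected here */
        return -1;
    if ((size_t)units * 2 > avail - 2)     /* the name must fit inside the record */
        return -1;
    return (int)units;
}

/* Lossy ASCII conversion that reads only validated units; non-ASCII becomes '?'. */
int name_to_ascii(const uint8_t *rec, size_t avail, char *out, size_t out_len)
{
    int units = checked_name_units(rec, avail);
    if (units < 0 || out == NULL || out_len < (size_t)units + 1)
        return -1;
    for (int i = 0; i < units; i++) {
        unsigned cu = ((unsigned)rec[2 + 2 * i] << 8) | rec[3 + 2 * i];
        out[i] = (cu >= 0x20 && cu < 0x7f) ? (char)cu : '?';
    }
    out[units] = '\0';
    return units;
}

int main(void)
{
    /* Constructed sample records, not taken from the attached image. */
    const uint8_t ok[]  = {0x00, 0x03, 0x00, 'a', 0x00, 'b', 0x00, 'c'};
    const uint8_t bad[] = {0xff, 0xff, 0x00, 'a'};
    char out[256];
    printf("ok:  %d\n", name_to_ascii(ok, sizeof ok, out, sizeof out));
    printf("bad: %d\n", name_to_ascii(bad, sizeof bad, out, sizeof out));
    return 0;
}
```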