From b05c7820c2d7aab1ca397d731f009e801e985ef2 Mon Sep 17 00:00:00 2001
From: Charles Kerr <charles@transmissionbt.com>
Date: Tue, 29 Apr 2008 02:51:02 +0000
Subject: [PATCH] possible fix for #904: "crash on startup in tr_bitfieldHas"

---
 libtransmission/fastresume.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/libtransmission/fastresume.c b/libtransmission/fastresume.c
index 5ae81bece..a3ad10c73 100644
--- a/libtransmission/fastresume.c
+++ b/libtransmission/fastresume.c
@@ -585,7 +585,11 @@ parseVersion1( tr_torrent * tor, const uint8_t * buf, const uint8_t * end,
         readBytes( &id, &buf, sizeof(id) );
         readBytes( &len, &buf, sizeof(len) );
 
-        if( fieldsToLoad & internalIdToPublicBitfield( id ) ) switch( id )
+        if( buf + len > end )
+        {
+            tr_torerr( tor, "Resume file seems to be corrupt.  Skipping." );
+        }
+        else if( fieldsToLoad & internalIdToPublicBitfield( id ) ) switch( id )
         {
             case FR_ID_DOWNLOADED:   ret |= parseDownloaded( tor, buf, len ); break;
             case FR_ID_UPLOADED:     ret |= parseUploaded( tor, buf, len ); break;