From 406438f497931f45fb3edf6de17d3a59a922c257 Mon Sep 17 00:00:00 2001
From: tbeu
Date: Sat, 25 Nov 2017 10:29:57 +0100
Subject: [PATCH] Add check for valid fieldname size As reported by honggfuzz
---
 src/mat5.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/mat5.c b/src/mat5.c
index 977122bc..deb507e5 100644
--- a/src/mat5.c
+++ b/src/mat5.c
@@ -1559,8 +1559,12 @@ ReadNextStructField( mat_t *mat, matvar_t *matvar )
 }
 if ( (uncomp_buf[0] & 0x0000ffff) == MAT_T_INT32 ) {
 fieldname_size = uncomp_buf[1];
+ if ( 0 >= fieldname_size ) {
+ Mat_Critical("Size of fieldname must be positive");
+ return bytesread;
+ }
 } else {
- Mat_Warning("Error getting fieldname size");
+ Mat_Critical("Error getting fieldname size");
 return bytesread;
 }
@@ -1741,8 +1745,12 @@ ReadNextStructField( mat_t *mat, matvar_t *matvar )
 }
 if ( (buf[0] & 0x0000ffff) == MAT_T_INT32 ) {
 fieldname_size = buf[1];
+ if ( 0 >= fieldname_size ) {
+ Mat_Critical("Size of fieldname must be positive");
+ return bytesread;
+ }
 } else {
- Mat_Warning("Error getting fieldname size");
+ Mat_Critical("Error getting fieldname size");
 return bytesread;
 }
 bytesread+=fread(buf,4,2,(FILE*)mat->fp);
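Review bot: The new `0 >= fieldname_size` guard in both hunks (the compressed path reading `uncomp_buf[1]` and the uncompressed path reading `buf[1]`) sets only a lower bound on a value taken straight from the file, so an implausibly large size still passes. The declaration of `fieldname_size` is outside the hunks; if it is unsigned the test rejects only zero, and if it is signed a large file value is rejected only as a side effect of the conversion to a negative number. I would add an explicit upper limit next to the check, for example `if ( 0 >= fieldname_size || fieldname_size > FIELDNAME_SIZE_LIMIT ) {` (placeholder name for a project-chosen bound), and confirm that any later multiplication of this size by the field count is overflow-checked. Both early returns hand back `bytesread` just as the success path does, so it is worth checking that the caller, which is not visible here, can tell the variable was rejected.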