From 67d1bad7efeed2e1164241e41a78916ffb0961f6 Mon Sep 17 00:00:00 2001
From: Shahram Najm <masn@ecmwf.int>
Date: Fri, 13 Dec 2024 17:30:54 +0000
Subject: [PATCH] ECC-1994: Crash: grib_compare combining -b and -r flag

---
 src/accessor/grib_accessor_class_md5.cc | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/accessor/grib_accessor_class_md5.cc b/src/accessor/grib_accessor_class_md5.cc
index c5549cd51..52ab4c201 100644
--- a/src/accessor/grib_accessor_class_md5.cc
+++ b/src/accessor/grib_accessor_class_md5.cc
@@ -102,6 +102,7 @@ int grib_accessor_md5_t::unpack_string(char* v, size_t* len)
     mess = (unsigned char*)grib_context_malloc(context_, length);
     memcpy(mess, grib_handle_of_accessor(this)->buffer->data + offset, length);
     mess_len = length;
+    const unsigned char* pEnd = mess + length - 1;
 
     blocklist = context_->blocklist;
     /* passed blocklist overrides context blocklist.
@@ -117,8 +118,10 @@ int grib_accessor_md5_t::unpack_string(char* v, size_t* len)
         }
 
         p = mess + b->offset_ - offset;
-        for (i = 0; i < b->length_; i++)
+        for (i = 0; i < b->length_; i++) {
+            if (p > pEnd) break;
             *(p++) = 0;
+        }
 
         blocklist = blocklist->next;
     }