The field length check should check for field overflow. --- isofs/rr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/isofs/rr.c b/isofs/rr.c
index 4cd97924..b6d85446 100644
--- a/isofs/rr.c
+++ b/isofs/rr.c
@@ -192,7 +192,7 @@ rrip_work (struct dirrect *dr, struct rrip_lookup *rr,
/* Make sure the ER field is valid */
if ((void *) er->more + er->len_id + er->len_des + er->len_src
- < terminus)
+ > terminus)
goto next_field;
/* Check for rock-ridge */
