From 0c7f8c8b5e1b85c805d9591fa689784c5ecf72bf Mon Sep 17 00:00:00 2001
From: Gary Talent <gtalent2@gmail.com>
Date: Tue, 25 Jun 2019 08:19:59 -0500
Subject: [PATCH] [ox/nodebuffer] Fix bounds checking in Ptr generation

---
 deps/ox/src/ox/ptrarith/nodebuffer.hpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/deps/ox/src/ox/ptrarith/nodebuffer.hpp b/deps/ox/src/ox/ptrarith/nodebuffer.hpp
index 776e5aae..87a1db66 100644
--- a/deps/ox/src/ox/ptrarith/nodebuffer.hpp
+++ b/deps/ox/src/ox/ptrarith/nodebuffer.hpp
@@ -219,8 +219,9 @@ typename NodeBuffer<size_t, Item>::ItemPtr NodeBuffer<size_t, Item>::ptr(size_t
 	std::size_t itemSpace = m_header.size - itemOffset;
 	auto item = reinterpret_cast<Item*>(reinterpret_cast<uint8_t*>(this) + itemOffset);
 	if (itemOffset >= sizeof(Header) &&
-		 itemSpace >= sizeof(Item) &&
-		 itemSpace >= item->fullSize()) {
+	    itemOffset + itemSpace <= size() &&
+	    itemSpace >= sizeof(Item) &&
+	    itemSpace >= item->fullSize()) {
 		return ItemPtr(this, m_header.size, itemOffset, item->fullSize());
 	} else {
 		//oxTrace("ox::ptrarith::NodeBuffer::ptr::null") << "itemOffset:" << itemOffset;