Commit b1c5732f authored by Mark Haines's avatar Mark Haines
Browse files

Fix bug in bounds check when parsing

parent 182f33f8
...@@ -133,7 +133,7 @@ static std::uint8_t const * decode( ...@@ -133,7 +133,7 @@ static std::uint8_t const * decode(
std::uint8_t const * len_start = pos; std::uint8_t const * len_start = pos;
pos = varint_skip(pos, end); pos = varint_skip(pos, end);
std::size_t len = varint_decode<std::size_t>(len_start, pos); std::size_t len = varint_decode<std::size_t>(len_start, pos);
if (len + pos > end) return end; if (len > std::size_t(end - pos)) return end;
value = pos; value = pos;
value_length = len; value_length = len;
pos += len; pos += len;
...@@ -154,7 +154,7 @@ static std::uint8_t const * skip_unknown( ...@@ -154,7 +154,7 @@ static std::uint8_t const * skip_unknown(
std::uint8_t const * len_start = pos; std::uint8_t const * len_start = pos;
pos = varint_skip(pos, end); pos = varint_skip(pos, end);
std::size_t len = varint_decode<std::size_t>(len_start, pos); std::size_t len = varint_decode<std::size_t>(len_start, pos);
if (len + pos > end) return end; if (len > std::size_t(end - pos)) return end;
pos += len; pos += len;
} else { } else {
return end; return end;
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment