[Swift] Fix verifier accepting truncated scalar vectors (OOB read/write, RCE) (#9081)

2026-06-16 09:12:22 +00:00 · 2026-05-08 11:16:10 +03:00
parent 392165432a
commit 1f438bd40f
2 changed files with 29 additions and 1 deletions
--- a/tests/swift/Tests/Flatbuffers/FlatbuffersVerifierTests.swift
+++ b/tests/swift/Tests/Flatbuffers/FlatbuffersVerifierTests.swift
@@ -411,6 +411,27 @@ final class FlatbuffersVerifierTests {
    }
  }

+  @Test(.bug("https://github.com/google/flatbuffers/issues/9082"))
+  func testRejectsTruncatedScalarVector() {
+    // swiftformat:disable all
+    var byteBuffer = ByteBuffer(bytes: [
+      16, 0, 0, 0,
+      6, 0, 8, 0,
+      4, 0, 0, 0,
+      0, 0, 0, 0,
+      12, 0, 0, 0,
+      8, 0, 0, 0,
+      0, 0, 0, 0,
+      2, 0, 0, 0,
+      65, 66,
+    ])
+    // swiftformat:enable all
+
+    #expect(throws: FlatbuffersErrors.self) {
+      try getCheckedRoot(byteBuffer: &byteBuffer) as Swift_Tests_Vectors
+    }
+  }
+
  @Test
  func testValidUnionBuffer() {
    let string = "Awesome \\\\t\t\nstring!"