mirror of
https://github.com/google/flatbuffers.git
synced 2026-07-01 02:51:37 +00:00
FlexBuffers verifier additionally checks for nesting
@@ -1644,8 +1644,15 @@ class Verifier FLATBUFFERS_FINAL_CLASS {
|
|||||||
// of larger buffers with many shared keys/strings, but
|
// of larger buffers with many shared keys/strings, but
|
||||||
// comes at the cost of using additional memory the same size of
|
// comes at the cost of using additional memory the same size of
|
||||||
// the buffer being verified, so it is by default off.
|
// the buffer being verified, so it is by default off.
|
||||||
std::vector<uint8_t> *reuse_tracker = nullptr)
|
std::vector<uint8_t> *reuse_tracker = nullptr,
|
||||||
: buf_(buf), size_(buf_len), reuse_tracker_(reuse_tracker) {
|
size_t max_depth = 64)
|
||||||
|
: buf_(buf),
|
||||||
|
size_(buf_len),
|
||||||
|
depth_(0),
|
||||||
|
max_depth_(max_depth),
|
||||||
|
num_vectors_(0),
|
||||||
|
max_vectors_(buf_len),
|
||||||
|
reuse_tracker_(reuse_tracker) {
|
||||||
FLATBUFFERS_ASSERT(size_ < FLATBUFFERS_MAX_BUFFER_SIZE);
|
FLATBUFFERS_ASSERT(size_ < FLATBUFFERS_MAX_BUFFER_SIZE);
|
||||||
if (reuse_tracker_) {
|
if (reuse_tracker_) {
|
||||||
reuse_tracker_->clear();
|
reuse_tracker_->clear();
|
||||||
@@ -1707,7 +1714,11 @@ class Verifier FLATBUFFERS_FINAL_CLASS {
|
|||||||
|
|
||||||
bool VerifyVector(Reference r, const uint8_t *p, Type elem_type) {
|
bool VerifyVector(Reference r, const uint8_t *p, Type elem_type) {
|
||||||
// Any kind of nesting goes thru this function, so guard against that
|
// Any kind of nesting goes thru this function, so guard against that
|
||||||
// here.
|
// here, both with simple nesting checks, and the reuse tracker if on.
|
||||||
|
depth_++;
|
||||||
|
num_vectors_++;
|
||||||
|
if (!Check(depth_ <= max_depth_ && num_vectors_ <= max_vectors_))
|
||||||
|
return false;
|
||||||
auto size_byte_width = r.byte_width_;
|
auto size_byte_width = r.byte_width_;
|
||||||
FLEX_CHECK_VERIFIED(p, PackedType(Builder::WidthB(size_byte_width), r.type_));
|
FLEX_CHECK_VERIFIED(p, PackedType(Builder::WidthB(size_byte_width), r.type_));
|
||||||
if (!VerifyBeforePointer(p, size_byte_width))
|
if (!VerifyBeforePointer(p, size_byte_width))
|
||||||
@@ -1735,6 +1746,7 @@ class Verifier FLATBUFFERS_FINAL_CLASS {
|
|||||||
} else {
|
} else {
|
||||||
FLATBUFFERS_ASSERT(IsInline(elem_type));
|
FLATBUFFERS_ASSERT(IsInline(elem_type));
|
||||||
}
|
}
|
||||||
|
depth_--;
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1846,6 +1858,10 @@ class Verifier FLATBUFFERS_FINAL_CLASS {
|
|||||||
private:
|
private:
|
||||||
const uint8_t *buf_;
|
const uint8_t *buf_;
|
||||||
size_t size_;
|
size_t size_;
|
||||||
|
size_t depth_;
|
||||||
|
const size_t max_depth_;
|
||||||
|
size_t num_vectors_;
|
||||||
|
const size_t max_vectors_;
|
||||||
std::vector<uint8_t> *reuse_tracker_;
|
std::vector<uint8_t> *reuse_tracker_;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
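Review bot: `depth_` is incremented at the top of `VerifyVector` but decremented only by the `depth_--` placed before the final `return true`, so every other exit from the function leaves the counter raised. On failing exits that is harmless as long as the caller abandons verification. However, `FLEX_CHECK_VERIFIED` is a macro whose definition is not shown here; if it can return success early (for a vector the reuse tracker has already seen), each such hit would permanently consume one level, and a valid buffer with many shared vectors could be rejected once `max_depth_` is reached. Tying the decrement to scope exit keeps the limit a measure of nesting rather than of call count, as sketched below. The middle of the function lies outside the hunks, so any return paths there need the same check.

```cpp
// Restores the nesting counter on every exit path, not just the last one.
struct DepthGuard {
  size_t &depth;
  explicit DepthGuard(size_t &d) : depth(d) { ++depth; }
  ~DepthGuard() { --depth; }
};

bool VerifyVector(Reference r, const uint8_t *p, Type elem_type) {
  DepthGuard depth_guard(depth_);
  num_vectors_++;
  if (!Check(depth_ <= max_depth_ && num_vectors_ <= max_vectors_))
    return false;
  // … unchanged: size/type checks and element verification …
  // … the trailing depth_-- before `return true` is dropped …
```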