Add size check to fix out of bounds read risk (#7304)

This commit is contained in:
Björn Harrtell
2022-05-14 00:15:00 +02:00
committed by GitHub
parent 12917af8a2
commit 74a25536be

View File

@@ -164,10 +164,11 @@ class Verifier FLATBUFFERS_FINAL_CLASS {
// gives the result we want. // gives the result we want.
auto vtableo = tableo - static_cast<size_t>(ReadScalar<soffset_t>(table)); auto vtableo = tableo - static_cast<size_t>(ReadScalar<soffset_t>(table));
// Check the vtable size field, then check vtable fits in its entirety. // Check the vtable size field, then check vtable fits in its entirety.
return VerifyComplexity() && Verify<voffset_t>(vtableo) && if (!( VerifyComplexity() && Verify<voffset_t>(vtableo) &&
VerifyAlignment(ReadScalar<voffset_t>(buf_ + vtableo), VerifyAlignment(ReadScalar<voffset_t>(buf_ + vtableo),
sizeof(voffset_t)) && sizeof(voffset_t)))) return false;
Verify(vtableo, ReadScalar<voffset_t>(buf_ + vtableo)); auto vsize = ReadScalar<voffset_t>(buf_ + vtableo);
return Check((vsize & 1) == 0) && Verify(vtableo, vsize);
} }
template<typename T> template<typename T>