From 8a12183c3bf2fc39a5c6c32307b81d947bc37e22 Mon Sep 17 00:00:00 2001
From: Noam ismach moshe
Date: Thu, 2 Apr 2026 11:03:03 +0300
Subject: [PATCH] Fix out-of-bounds vector access in StructDef::Deserialize (#8988)
* Fix out-of-bounds vector access in StructDef::Deserialize
* Fix syntax: use error_ instead of error()
---
 src/idl_parser.cpp | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/idl_parser.cpp b/src/idl_parser.cpp
index fe2878a96..b1bdffa01 100644
--- a/src/idl_parser.cpp
+++ b/src/idl_parser.cpp
@@ -4132,7 +4132,15 @@ bool StructDef::Deserialize(Parser& parser, const reflection::Object* object) {
 sortbysize = attributes.Lookup("original_order") == nullptr && !fixed;
 const auto& of = *(object->fields());
 auto indexes = std::vector(of.size());
- for (uoffset_t i = 0; i < of.size(); i++) indexes[of.Get(i)->id()] = i;
+ for (uoffset_t i = 0; i < of.size(); i++) {
+ uint16_t field_id = of.Get(i)->id();
+ if (field_id >= of.size()) {
+ parser.error_ = "Field ID " + std::to_string(field_id) +
+ " exceeds field count " + std::to_string(of.size());
+ return false;
+ }
+ indexes[field_id] = i;
+}
 size_t tmp_struct_size = 0;
 for (size_t i = 0; i < indexes.size(); i++) {
 auto field = of.Get(indexes[i]);
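Review bot: The new guard in the first loop rejects a field id that is too large but not a repeated one. If two fields in the reflection object carry the same `id()`, the second write to `indexes[field_id]` overwrites the first and another slot keeps its value-initialized content (presumably 0), so the following loop would call `of.Get(indexes[i])` on field 0 twice and never visit one field. Whether that is caught later depends on code outside this hunk, since the body of Deserialize continues past it. Rejecting duplicates here would complete the check: declare `std::vector<bool> seen(of.size());` before the loop, use `if (field_id >= of.size() || seen[field_id]) {` as the guard, and set `seen[field_id] = true;` next to the assignment. The diffstat lists only src/idl_parser.cpp, so a regression test covering an out-of-range id and a duplicate id would be worth adding with this fix.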