From 8b52af65bc066fb36761ebc1f950454c5e5ef548 Mon Sep 17 00:00:00 2001 From: stefan301 <32997632+stefan301@users.noreply.github.com> Date: Mon, 16 Mar 2020 20:19:11 +0100 Subject: [PATCH] [C++] Add max_depth and max_tables parameters to reflection::Verify (#5815) * Added missing EndTable() call to VerifyObject() VerifyObject called VerifyTableStart() but not EndTable(). This made Verifier::VerifyComplexity() increase depth_ with each table, not with the depth of tables. https://groups.google.com/forum/#!topic/flatbuffers/OpxtW5UFAdg * Added Check to VerifyAlignment https://stackoverflow.com/questions/59376308/flatbuffers-verifier-returns-false-without-any-assertion-flatbuffers-debug-veri * [C++] Add max_depth and max_tables parameters to reflection::Verify Co-authored-by: Felkel Co-authored-by: stefan301 --- include/flatbuffers/reflection.h | 4 +++- src/reflection.cpp | 6 ++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/include/flatbuffers/reflection.h b/include/flatbuffers/reflection.h index 052e6d927..f606b7b5e 100644 --- a/include/flatbuffers/reflection.h +++ b/include/flatbuffers/reflection.h @@ -470,7 +470,9 @@ Offset CopyTable(FlatBufferBuilder &fbb, // buf should point to the start of flatbuffer data. // length specifies the size of the flatbuffer data. bool Verify(const reflection::Schema &schema, const reflection::Object &root, - const uint8_t *buf, size_t length); + const uint8_t *buf, size_t length, + uoffset_t max_depth = 64, + uoffset_t max_tables = 1000000); } // namespace flatbuffers diff --git a/src/reflection.cpp b/src/reflection.cpp index 77ea0dcf4..abe9bb5d0 100644 --- a/src/reflection.cpp +++ b/src/reflection.cpp @@ -705,8 +705,10 @@ bool VerifyObject(flatbuffers::Verifier &v, const reflection::Schema &schema, } bool Verify(const reflection::Schema &schema, const reflection::Object &root, - const uint8_t *buf, size_t length) { - Verifier v(buf, length); + const uint8_t *buf, size_t length, + uoffset_t max_depth /*= 64*/, + uoffset_t max_tables /*= 1000000*/) { + Verifier v(buf, length, max_depth, max_tables); return VerifyObject(v, schema, root, flatbuffers::GetAnyRoot(buf), true); }