BigfootDev/flatbuffers
1
0
Fork 1
mirror of https://github.com/google/flatbuffers.git synced 2026-06-09 06:30:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix FlexBuffers Verifier tracking vectors reuse at wrong offset

Browse Source 
See test for an example.
Found in: https://github.com/aardappel/lobster/pull/193
This commit is contained in:
Wouter van Oortmerssen
2022-08-05 10:45:01 -07:00
parent 50dd385b30
commit ec0129369c
2 changed files with 21 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
include/flatbuffers/flexbuffers.h
View File

@@ -1740,9 +1740,9 @@ class Verifier FLATBUFFERS_FINAL_CLASS {
if (!Check(depth_ <= max_depth_ && num_vectors_ <= max_vectors_))
return false;
auto size_byte_width = r.byte_width_;
FLEX_CHECK_VERIFIED(p,
PackedType(Builder::WidthB(size_byte_width), r.type_));
if (!VerifyBeforePointer(p, size_byte_width)) return false;
FLEX_CHECK_VERIFIED(p - size_byte_width,
PackedType(Builder::WidthB(size_byte_width), r.type_));
auto sized = Sized(p, size_byte_width);
auto num_elems = sized.size();
auto elem_byte_width = r.type_ == FBT_STRING || r.type_ == FBT_BLOB