From fc9909c30a850273f255762aee9ced883e5b8cb6 Mon Sep 17 00:00:00 2001
From: dataCenter430 <161712630+dataCenter430@users.noreply.github.com>
Date: Wed, 11 Mar 2026 22:23:32 -0400
Subject: [PATCH] fix: infinite loop in proto reserved range parser (CWE-835)
 (#8966)

---
 src/idl_parser.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/idl_parser.cpp b/src/idl_parser.cpp
index caeca93d2..fe2878a96 100644
--- a/src/idl_parser.cpp
+++ b/src/idl_parser.cpp
@@ -3172,8 +3172,10 @@ CheckedError Parser::ParseProtoFields(StructDef* struct_def, bool isextend,
             return Error("Protobuf has non positive number in reserved ids");
 
           if (range) {
-            for (voffset_t id = from + 1; id <= attribute; id++)
-              struct_def->reserved_ids.push_back(id);
+            for (uint32_t id = static_cast<uint32_t>(from) + 1;
+                 id <= static_cast<uint32_t>(attribute); id++) {
+              struct_def->reserved_ids.push_back(static_cast<voffset_t>(id));
+            }
 
             range = false;
           } else {