Changeset 2:6813b46b98f2 in rrlib_uri


Ignore:
Timestamp:
27.06.2017 07:38:29 (4 years ago)
Author:
Max Reichardt <mreichardt@…>
Branch:
default
Phase:
public
Message:

Introduces size limit for tPath deserialization (so erroneous input can not cause segmentation fault due to invalid memory allocation)

File:
1 edited

Legend:

Unmodified
Added
Removed
  • tPath.cpp

    r0 r2  
    6363// Const values 
    6464//---------------------------------------------------------------------- 
     65static const size_t cDESERIALIZATION_SIZE_LIMIT = 50000; 
    6566 
    6667//---------------------------------------------------------------------- 
     
    168169{ 
    169170  size_t size = stream.ReadInt(); 
     171  if (size > cDESERIALIZATION_SIZE_LIMIT) 
     172  { 
     173    throw std::runtime_error("Size limit for path deserialization exceeded"); 
     174  } 
    170175  char buffer[size]; 
    171176  stream.ReadFully(buffer, size); 
Note: See TracChangeset for help on using the changeset viewer.