diff options
| author | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2019-03-08 12:02:21 +0000 |
|---|---|---|
| committer | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2019-06-14 08:47:58 +0000 |
| commit | b873b69ded0143c46e05b834797414cd2cf2831a (patch) | |
| tree | 93a777da863d6a86276f9e6f933ccf22d1d6c8a8 /contrib | |
| parent | Merge pull request #5633 (diff) | |
| download | monero-b873b69ded0143c46e05b834797414cd2cf2831a.tar.xz | |
epee: basic sanity check on allocation size from untrusted source
Reported by guidov
Diffstat (limited to 'contrib')
| -rw-r--r-- | contrib/epee/include/storages/portable_storage_from_bin.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/contrib/epee/include/storages/portable_storage_from_bin.h b/contrib/epee/include/storages/portable_storage_from_bin.h index 2884f8c5e..e0a32b3ca 100644 --- a/contrib/epee/include/storages/portable_storage_from_bin.h +++ b/contrib/epee/include/storages/portable_storage_from_bin.h @@ -136,6 +136,7 @@ namespace epee //for pod types array_entry_t<type_name> sa; size_t size = read_varint(); + CHECK_AND_ASSERT_THROW_MES(size <= m_count, "Size sanity check failed"); sa.reserve(size); //TODO: add some optimization here later while(size--) |