Merge pull request #1796 from stweil/limit

Increase limit for deserialization of large arrays
zdenop 2018-07-21 13:00:37 +02:00 committed by GitHub
commit 390f9ed55b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -968,8 +968,9 @@ bool GenericVector<T>::DeSerialize(tesseract::TFile* fp) {
uint32_t reserved; uint32_t reserved;
if (fp->FReadEndian(&reserved, sizeof(reserved), 1) != 1) return false; if (fp->FReadEndian(&reserved, sizeof(reserved), 1) != 1) return false;
// Arbitrarily limit the number of elements to protect against bad data. // Arbitrarily limit the number of elements to protect against bad data.
assert(reserved <= 30000000); const uint32_t limit = 50000000;
if (reserved > 30000000) return false; assert(reserved <= limit);
if (reserved > limit) return false;
reserve(reserved); reserve(reserved);
size_used_ = reserved; size_used_ = reserved;
return fp->FReadEndian(data_, sizeof(T), size_used_) == size_used_; return fp->FReadEndian(data_, sizeof(T), size_used_) == size_used_;
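Review bot: The `assert(reserved <= limit);` kept ahead of the range check treats a count read from the file as a programmer invariant: in a build with assertions enabled, an oversized value aborts the process before `if (reserved > limit) return false;` can reject it, and with NDEBUG defined the assert does nothing. I would drop the assert and keep only the `if`, so malformed data always produces a `false` return. Separately, the cap counts elements rather than bytes, so `reserve(reserved)` can request up to `limit * sizeof(T)` bytes for whatever T is instantiated; a byte-based bound such as `if (reserved > limit / sizeof(T)) return false;` is worth considering, although whether existing data files would still load under it cannot be judged from this hunk. DeSerialize starts before and ends after the lines shown here.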