mirror of
https://github.com/tesseract-ocr/tesseract.git
synced 2024-12-11 23:19:04 +08:00
Merge pull request #1796 from stweil/limit
Increase limit for deserialization of large arrays
This commit is contained in:
commit
390f9ed55b
@ -968,8 +968,9 @@ bool GenericVector<T>::DeSerialize(tesseract::TFile* fp) {
|
|||||||
uint32_t reserved;
|
uint32_t reserved;
|
||||||
if (fp->FReadEndian(&reserved, sizeof(reserved), 1) != 1) return false;
|
if (fp->FReadEndian(&reserved, sizeof(reserved), 1) != 1) return false;
|
||||||
// Arbitrarily limit the number of elements to protect against bad data.
|
// Arbitrarily limit the number of elements to protect against bad data.
|
||||||
assert(reserved <= 30000000);
|
const uint32_t limit = 50000000;
|
||||||
if (reserved > 30000000) return false;
|
assert(reserved <= limit);
|
||||||
|
if (reserved > limit) return false;
|
||||||
reserve(reserved);
|
reserve(reserved);
|
||||||
size_used_ = reserved;
|
size_used_ = reserved;
|
||||||
return fp->FReadEndian(data_, sizeof(T), size_used_) == size_used_;
|
return fp->FReadEndian(data_, sizeof(T), size_used_) == size_used_;
|
||||||
|
Loading…
Reference in New Issue
Block a user