From 4bb41b8952e9517d1a920bca9570225f98b23c31 Mon Sep 17 00:00:00 2001 From: Stefan Weil Date: Fri, 6 Jul 2018 15:13:13 +0200 Subject: [PATCH] Fix CID 1164693 (Untrusted value as argument) Signed-off-by: Stefan Weil --- src/ccutil/indexmapbidi.cpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/ccutil/indexmapbidi.cpp b/src/ccutil/indexmapbidi.cpp index fe9e083e..5d969f07 100644 --- a/src/ccutil/indexmapbidi.cpp +++ b/src/ccutil/indexmapbidi.cpp @@ -50,10 +50,12 @@ bool IndexMap::Serialize(FILE* fp) const { // Reads from the given file. Returns false in case of error. // If swap is true, assumes a big/little-endian swap is needed. bool IndexMap::DeSerialize(bool swap, FILE* fp) { - int32_t sparse_size; + uint32_t sparse_size; if (fread(&sparse_size, sizeof(sparse_size), 1, fp) != 1) return false; if (swap) ReverseN(&sparse_size, sizeof(sparse_size)); + // Arbitrarily limit the number of elements to protect against bad data. + if (sparse_size > UINT16_MAX) return false; sparse_size_ = sparse_size; if (!compact_map_.DeSerialize(swap, fp)) return false; return true;