Skip to content

Commit

Permalink
Do not allow too large verbatim strings, and check for EOF while read…
Browse files Browse the repository at this point in the history 
…ing them.
  • Loading branch information
@ni4
ni4 committed Jul 28, 2024
1 parent 7197ff2 commit 0a1ad78
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions src/sexp-input.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -219,7 +219,14 @@ void sexp_input_stream_t::scan_verbatim_string(sexp_simple_string_t &ss, uint32_

// Some length is specified always, this is ensured by the caller's logic
assert(length != std::numeric_limits<uint32_t>::max());
// We should not handle too large strings
if (length > 1024 * 1024) {
sexp_error(sexp_exception_t::error, "Too large verbatim string: %zu", length, 0, count);

Check warning on line 224 in src/sexp-input.cpp

View check run for this annotation

Codecov / codecov/patch

src/sexp-input.cpp#L224 

Added line #L224 was not covered by tests
}
for (uint32_t i = 0; i < length; i++) {
if (next_char == EOF) {
sexp_error(sexp_exception_t::error, "EOF while reading verbatim string at %zu", i, 0, count);

Check warning on line 228 in src/sexp-input.cpp

View check run for this annotation

Codecov / codecov/patch

src/sexp-input.cpp#L228 

Added line #L228 was not covered by tests
}
ss.append(next_char);
get_char();
}
Expand Down

0 comments on commit 0a1ad78

Please sign in to comment.