From 0a1ad785a98a6b3a60054b75b4a87553040e7115 Mon Sep 17 00:00:00 2001
From: Nickolay Olshevsky
Date: Sun, 28 Jul 2024 12:15:59 +0300
Subject: [PATCH] Do not allow too large verbatim strings, and check for EOF while reading them.
---
 src/sexp-input.cpp | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/sexp-input.cpp b/src/sexp-input.cpp
index 8f9bc0b..4f52696 100644
--- a/src/sexp-input.cpp
+++ b/src/sexp-input.cpp
@@ -219,7 +219,14 @@ void sexp_input_stream_t::scan_verbatim_string(sexp_simple_string_t &ss, uint32_
 // Some length is specified always, this is ensured by the caller's logic
 assert(length != std::numeric_limits::max());
+ // We should not handle too large strings
+ if (length > 1024 * 1024) {
+ sexp_error(sexp_exception_t::error, "Too large verbatim string: %zu", length, 0, count);
+ }
 for (uint32_t i = 0; i < length; i++) {
+ if (next_char == EOF) {
+ sexp_error(sexp_exception_t::error, "EOF while reading verbatim string at %zu", i, 0, count);
+ }
 ss.append(next_char);
 get_char();
 }
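Review bot: The 1 MiB cap in the added `if (length > 1024 * 1024)` is an unnamed literal, and nothing at the check says whether it is a format rule or a defensive bound on an input-supplied length prefix. A named constant with a one-line rationale, for example `static constexpr uint32_t SEXP_MAX_VERBATIM_LENGTH = 1024 * 1024;`, would make the policy visible and reusable if other string scanners need the same bound. Both new guards only stop the read if `sexp_error` with `sexp_exception_t::error` never returns, and its definition is outside this hunk. If it does always throw, a comment such as `// sexp_error throws for error severity, so the loop ends here` would document that; if it can return, the EOF branch falls through to `ss.append(next_char)` and needs an explicit `return`. The patch touches only `src/sexp-input.cpp`, so a regression test covering an oversized length prefix and an input truncated before `length` bytes would pin both paths; the function body starts above the hunk.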