diff options
| author | Hasini Gunasinghe <hasinitg@google.com> | 2022-01-11 02:58:57 +0000 |
|---|---|---|
| committer | Hasini Gunasinghe <hasinitg@google.com> | 2022-01-12 03:14:35 +0000 |
| commit | 8f4908840cdd9cc2fe0442033516a273046598a2 (patch) | |
| tree | 8001d1f036eb96b6757a6ce86e2018de9d1295ac | |
| parent | 7301ee25d29c723b341e05da57522d6727c81154 (diff) | |
| download | libcppbor-8f4908840cdd9cc2fe0442033516a273046598a2.tar.gz | |
Add input validation for 'parseRecursively' method.android-12.1.0_r9android-12.1.0_r8android-12.1.0_r7android-12.1.0_r22android-12.1.0_r21android-12.1.0_r20android-12.1.0_r19android-12.1.0_r11android-12.1.0_r10android12L-devandroid12-qpr3-s7-releaseandroid12-qpr3-s6-releaseandroid12-qpr3-s5-releaseandroid12-qpr3-s4-releaseandroid12-qpr3-s3-releaseandroid12-qpr3-s2-releaseandroid12-qpr3-s1-releaseandroid12-qpr3-release
Bug: 192743373
Test: To be verified with fuzzer test case.
Change-Id: If052fcb2b2bbc5e0bfc8cfccc51cef11b9914017
| -rw-r--r-- | src/cppbor_parse.cpp | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/cppbor_parse.cpp b/src/cppbor_parse.cpp index 964a72d..9d388a3 100644 --- a/src/cppbor_parse.cpp +++ b/src/cppbor_parse.cpp @@ -195,6 +195,13 @@ std::tuple<const uint8_t*, ParseClient*> handleCompound( std::tuple<const uint8_t*, ParseClient*> parseRecursively(const uint8_t* begin, const uint8_t* end, bool emitViews, ParseClient* parseClient) { + if (begin == end) { + parseClient->error( + begin, + "Input buffer is empty. Begin and end cannot point to the same location."); + return {begin, nullptr}; + } + const uint8_t* pos = begin; MajorType type = static_cast<MajorType>(*pos & 0xE0); |