epee: basic sanity check on allocation size from untrusted source

Reported by guidov
This commit is contained in:
moneromooo-monero 2019-03-08 12:02:21 +00:00
parent 3395de2e7f
commit b873b69ded
No known key found for this signature in database
GPG key ID: 686F07454D6CEFC3

View file

@ -136,6 +136,7 @@ namespace epee
//for pod types //for pod types
array_entry_t<type_name> sa; array_entry_t<type_name> sa;
size_t size = read_varint(); size_t size = read_varint();
CHECK_AND_ASSERT_THROW_MES(size <= m_count, "Size sanity check failed");
sa.reserve(size); sa.reserve(size);
//TODO: add some optimization here later //TODO: add some optimization here later
while(size--) while(size--)