diff options
author | Alan Antonuk <alan.antonuk@gmail.com> | 2018-01-09 22:40:55 -0800 |
---|---|---|
committer | Alan Antonuk <alan.antonuk@gmail.com> | 2018-01-09 22:47:04 -0800 |
commit | 9f986a89ed02dcb24190528829803943fc5e36fb (patch) | |
tree | 643afed3c471b9fd45029fb90803f125eafd8a70 | |
parent | 8dab630df1f12db6ed48b2e7a653e948fcff2c9d (diff) | |
download | rabbitmq-c-9f986a89ed02dcb24190528829803943fc5e36fb.tar.gz |
Lib: check encoded array length isn't too long
Check that the encoded array length doesn't go past the available
encoded data.
Fixes defect CID 1383632 found by Coverity.
-rw-r--r-- | librabbitmq/amqp_table.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/librabbitmq/amqp_table.c b/librabbitmq/amqp_table.c index 5b61220..1cb0d6b 100644 --- a/librabbitmq/amqp_table.c +++ b/librabbitmq/amqp_table.c @@ -69,6 +69,10 @@ static int amqp_decode_array(amqp_bytes_t encoded, amqp_pool_t *pool, return AMQP_STATUS_BAD_AMQP_DATA; } + if (arraysize + *offset > encoded.len) { + return AMQP_STATUS_BAD_AMQP_DATA; + } + entries = malloc(allocated_entries * sizeof(amqp_field_value_t)); if (entries == NULL) { return AMQP_STATUS_NO_MEMORY; |