diff options
author | Alan Antonuk <alan.antonuk@gmail.com> | 2018-01-09 22:40:55 -0800 |
---|---|---|
committer | Alan Antonuk <alan.antonuk@gmail.com> | 2018-01-09 22:47:04 -0800 |
commit | 9f986a89ed02dcb24190528829803943fc5e36fb (patch) | |
tree | 643afed3c471b9fd45029fb90803f125eafd8a70 /librabbitmq/amqp_table.c | |
parent | 8dab630df1f12db6ed48b2e7a653e948fcff2c9d (diff) | |
download | rabbitmq-c-9f986a89ed02dcb24190528829803943fc5e36fb.tar.gz |
Lib: check encoded array length isn't too long
Check that the encoded array length doesn't go past the available
encoded data.
Fixes defect CID 1383632 found by Coverity.
Diffstat (limited to 'librabbitmq/amqp_table.c')
-rw-r--r-- | librabbitmq/amqp_table.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/librabbitmq/amqp_table.c b/librabbitmq/amqp_table.c index 5b61220..1cb0d6b 100644 --- a/librabbitmq/amqp_table.c +++ b/librabbitmq/amqp_table.c @@ -69,6 +69,10 @@ static int amqp_decode_array(amqp_bytes_t encoded, amqp_pool_t *pool, return AMQP_STATUS_BAD_AMQP_DATA; } + if (arraysize + *offset > encoded.len) { + return AMQP_STATUS_BAD_AMQP_DATA; + } + entries = malloc(allocated_entries * sizeof(amqp_field_value_t)); if (entries == NULL) { return AMQP_STATUS_NO_MEMORY; |