Lib: check encoded array length isn't too long

Check that the encoded array length doesn't go past the available encoded data. Fixes defect CID 1383632 found by Coverity.
author: Alan Antonuk <alan.antonuk@gmail.com> 2018-01-09 22:40:55 -0800
committer: Alan Antonuk <alan.antonuk@gmail.com> 2018-01-09 22:47:04 -0800
commit: 9f986a89ed02dcb24190528829803943fc5e36fb (patch)
tree: 643afed3c471b9fd45029fb90803f125eafd8a70 /librabbitmq/amqp_table.c
parent: 8dab630df1f12db6ed48b2e7a653e948fcff2c9d (diff)
download: rabbitmq-c-9f986a89ed02dcb24190528829803943fc5e36fb.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/librabbitmq/amqp_table.c b/librabbitmq/amqp_table.c
index 5b61220..1cb0d6b 100644
--- a/librabbitmq/amqp_table.c
+++ b/librabbitmq/amqp_table.c
@@ -69,6 +69,10 @@ static int amqp_decode_array(amqp_bytes_t encoded, amqp_pool_t *pool,
     return AMQP_STATUS_BAD_AMQP_DATA;
   }
 
+  if (arraysize + *offset > encoded.len) {
+    return AMQP_STATUS_BAD_AMQP_DATA;
+  }
+
   entries = malloc(allocated_entries * sizeof(amqp_field_value_t));
   if (entries == NULL) {
     return AMQP_STATUS_NO_MEMORY;
author	Alan Antonuk <alan.antonuk@gmail.com>	2018-01-09 22:40:55 -0800
committer	Alan Antonuk <alan.antonuk@gmail.com>	2018-01-09 22:47:04 -0800
commit	9f986a89ed02dcb24190528829803943fc5e36fb (patch)
tree	643afed3c471b9fd45029fb90803f125eafd8a70 /librabbitmq/amqp_table.c
parent	8dab630df1f12db6ed48b2e7a653e948fcff2c9d (diff)
download	rabbitmq-c-9f986a89ed02dcb24190528829803943fc5e36fb.tar.gz