From 9f986a89ed02dcb24190528829803943fc5e36fb Mon Sep 17 00:00:00 2001 From: Alan Antonuk Date: Tue, 9 Jan 2018 22:40:55 -0800 Subject: Lib: check encoded array length isn't too long Check that the encoded array length doesn't go past the available encoded data. Fixes defect CID 1383632 found by Coverity. --- librabbitmq/amqp_table.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'librabbitmq/amqp_table.c') diff --git a/librabbitmq/amqp_table.c b/librabbitmq/amqp_table.c index 5b61220..1cb0d6b 100644 --- a/librabbitmq/amqp_table.c +++ b/librabbitmq/amqp_table.c @@ -69,6 +69,10 @@ static int amqp_decode_array(amqp_bytes_t encoded, amqp_pool_t *pool, return AMQP_STATUS_BAD_AMQP_DATA; } + if (arraysize + *offset > encoded.len) { + return AMQP_STATUS_BAD_AMQP_DATA; + } + entries = malloc(allocated_entries * sizeof(amqp_field_value_t)); if (entries == NULL) { return AMQP_STATUS_NO_MEMORY; -- cgit v1.2.1