lib/nbt: Fix a possible buffer overflow in readString()

2022-08-15 12:02:58 +02:00 · 2022-08-15 12:02:58 +02:00 · a1fc0ce4b4
parent ca7b121c4d
commit a1fc0ce4b4
1 changed files with 3 additions and 0 deletions
--- a/src/lib/nbt.cpp
+++ b/src/lib/nbt.cpp
@ -154,6 +154,9 @@ namespace NBT {
            if (stringSize.isError) {
                return ErrorOr<tiny_utf8::string>(true, stringSize.errorCode);
            }
+            if (currentPosition + (uint64_t) stringSize.value + 2 > dataSize) {
+                return ErrorOr<tiny_utf8::string>(true, ErrorCodes::OVERRUN);
+            }

            ErrorOr<tiny_utf8::string> output = JavaCompat::importJavaString(data+currentPosition, stringSize.value);
            if(output.isError){