epee: basic sanity check on allocation size from untrusted source

Reported by guidov
5 years ago · 307bd8f5ae
parent 94390f8364
commit 307bd8f5ae
1 changed files with 1 additions and 0 deletions
--- a/contrib/epee/include/storages/portable_storage_from_bin.h
+++ b/contrib/epee/include/storages/portable_storage_from_bin.h
@ -136,6 +136,7 @@ namespace epee
      //for pod types
      array_entry_t<type_name> sa;
      size_t size = read_varint();
+      CHECK_AND_ASSERT_THROW_MES(size <= m_count, "Size sanity check failed");
      sa.reserve(size);
      //TODO: add some optimization here later
      while(size--)