internal/impl: fix validator bytes field length decoding
Missing a bounds check on the first byte.
Change-Id: I089fa8dcc1a14d11faca1acba758b6b811b16ac4
Reviewed-on: https://go-review.googlesource.com/c/protobuf/+/216957
Reviewed-by: Joe Tsai <joetsai@google.com>
diff --git a/internal/impl/validate.go b/internal/impl/validate.go
index 9e33979..bf5f60d 100644
--- a/internal/impl/validate.go
+++ b/internal/impl/validate.go
@@ -414,7 +414,7 @@
continue State
case wire.BytesType:
var size uint64
- if b[0] < 0x80 {
+ if len(b) >= 1 && b[0] < 0x80 {
size = uint64(b[0])
b = b[1:]
} else if len(b) >= 2 && b[1] < 128 {
diff --git a/proto/testmessages_test.go b/proto/testmessages_test.go
index 9994804..d7f5523 100644
--- a/proto/testmessages_test.go
+++ b/proto/testmessages_test.go
@@ -2068,4 +2068,24 @@
}},
}.Marshal(),
},
+ {
+ desc: "varint field overruns message",
+ decodeTo: []proto.Message{
+ (*testpb.TestAllTypes)(nil),
+ (*testpb.TestAllExtensions)(nil),
+ },
+ wire: pack.Message{
+ pack.Tag{1, pack.VarintType},
+ }.Marshal(),
+ },
+ {
+ desc: "bytes field lacks size",
+ decodeTo: []proto.Message{
+ (*testpb.TestAllTypes)(nil),
+ (*testpb.TestAllExtensions)(nil),
+ },
+ wire: pack.Message{
+ pack.Tag{18, pack.BytesType},
+ }.Marshal(),
+ },
}