Merge pull request #449 from s-hadinger/filelib_improve_protection

Improve protection of filelib when reading files too large
berry-lang · Nov 15, 2024 · 828cf43 · 828cf43
2 parents b4b87d8 + 5783eb2
commit 828cf43
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/src/be_filelib.c b/src/be_filelib.c
@@ -10,6 +10,7 @@
 #include "be_sys.h"
 #include "be_gc.h"
 #include "be_bytecode.h"
+#include "be_vm.h"
 #include <string.h>
 
 #define READLINE_STEP           100
@@ -71,12 +72,23 @@ static int i_readbytes(bvm *vm)
         void *fh = be_tocomptr(vm, -1);
         size_t size = readsize(vm, argc, fh);
         if (size) {
+            if (size > vm->bytesmaxsize) {
+                be_raise(vm, "memory_error", "size exceeds maximum allowed for bytes");
+            }
             /* avoid double allocation, using directly the internal buffer of bytes() */
             be_getbuiltin(vm, "bytes");
             be_pushint(vm, size);
             be_call(vm, 1);  /* call bytes() constructor with pre-sized buffer */
             be_pop(vm, 1);  /* bytes() instance is at top */
 
+            /* read back the actual buffer size */
+            be_getmember(vm, -1, ".size");
+            int32_t bytes_size = be_toint(vm, -1);
+            be_pop(vm, 1);
+            if (bytes_size < (int32_t)size) {
+                be_raise(vm, "memory_error", "could not allocated buffer");
+            }
+
             be_getmember(vm, -1, "resize");
             be_pushvalue(vm, -2);
             be_pushint(vm, size);