sanity check string vectors on read

Signed-off-by: Peter Hillman <peterh@wetafx.co.nz>
AcademySoftwareFoundation · Aug 9, 2020 · fcaa169 · fcaa169
1 parent 0d13c74
commit fcaa169
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/OpenEXR/IlmImf/ImfStringVectorAttribute.cpp b/OpenEXR/IlmImf/ImfStringVectorAttribute.cpp
@@ -64,6 +64,7 @@ StringVectorAttribute::writeValueTo (OPENEXR_IMF_INTERNAL_NAMESPACE::OStream &os
     for (int i = 0; i < size; i++)
     {
         int strSize = _value[i].size();
+
         Xdr::write <StreamIO> (os, strSize);
 	Xdr::write <StreamIO> (os, &_value[i][0], strSize);
     }
@@ -82,6 +83,13 @@ StringVectorAttribute::readValueFrom (OPENEXR_IMF_INTERNAL_NAMESPACE::IStream &i
        Xdr::read <StreamIO> (is, strSize);
        read += Xdr::size<int>();       
 
+       // check there is enough space remaining in attribute to
+       // contain claimed string length
+       if( strSize < 0 || strSize+read > size)
+       {
+           throw IEX_NAMESPACE::InputExc("Invalid size field reading stringvector attribute");
+       }
+
        std::string str;
        str.resize (strSize);