Prevent buffer overflow in Value::getStringBytes

couchbase · Jul 19, 2023 · 28baa5b · 28baa5b
1 parent ccae083
commit 28baa5b
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/Fleece/Core/Value.cc b/Fleece/Core/Value.cc
@@ -158,6 +158,9 @@ namespace fleece { namespace impl {
             // This means the actual length follows as a varint:
             uint32_t length;
             size_t lengthBytes = GetUVarInt32(s, &length);
+            if (_usuallyFalse(lengthBytes == 0))
+                // Invalid data, but I'm not allowed to throw an exception.
+                return nullslice;
             return slice(&s[lengthBytes], length);
         }
         return s;