From aba82cb8c0839bf2aa02fd2bd5a3b359b69e636c Mon Sep 17 00:00:00 2001
From: David Nevado <david@davidnevado.xyz>
Date: Fri, 15 Dec 2023 18:43:44 +0100
Subject: [PATCH] fix: vk deserialization

---
 halo2_proofs/src/plonk.rs | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/halo2_proofs/src/plonk.rs b/halo2_proofs/src/plonk.rs
index 5485d39fb4..80816a0da1 100644
--- a/halo2_proofs/src/plonk.rs
+++ b/halo2_proofs/src/plonk.rs
@@ -103,9 +103,21 @@ where
         format: SerdeFormat,
         #[cfg(feature = "circuit-params")] params: ConcreteCircuit::Params,
     ) -> io::Result<Self> {
+        // Maximum allowed value for parameter `k`, the log-size of the circuit.
+        const MAX_CIRCUIT_SIZE: u32 = 32;
         let mut k = [0u8; 4];
         reader.read_exact(&mut k)?;
         let k = u32::from_be_bytes(k);
+        if k > MAX_CIRCUIT_SIZE {
+            return Err(io::Error::new(
+                io::ErrorKind::InvalidData,
+                format!(
+                    "circuit size value (k): {} exceeds maxium: {}",
+                    k, MAX_CIRCUIT_SIZE
+                ),
+            ));
+        }
+
         let (domain, cs, _) = keygen::create_domain::<C, ConcreteCircuit>(
             k,
             #[cfg(feature = "circuit-params")]