Check that off <= lenmsg

Defense in depth, this should happen, but it happens... So check for it and return an error. Maybe (there is no testcase) fixes #106
2014-08-23 07:43:00 +01:00 · 2014-08-23 07:43:00 +01:00 · 8fecf17714
parent 34f5a12bfc
commit 8fecf17714
1 changed files with 4 additions and 1 deletions
--- a/msg.go
+++ b/msg.go
@ -860,7 +860,7 @@ func packStructCompress(any interface{}, msg []byte, off int, compression map[st
 	return off, err
 }

-// TODO(mg): Fix use of rdlength here
+// TODO(miek): Fix use of rdlength here

 // Unpack a reflect.StructValue from msg.
 // Same restrictions as packStructValue.
@ -868,6 +868,9 @@ func unpackStructValue(val reflect.Value, msg []byte, off int) (off1 int, err er
 	var rdend int
 	lenmsg := len(msg)
 	for i := 0; i < val.NumField(); i++ {
+		if off > lenmsg {
+			return lenmsg, &Error{"bad offset unpacking"}
+		}
 		switch fv := val.Field(i); fv.Kind() {
 		default:
 			return lenmsg, &Error{err: "bad kind unpacking"}