dec.wireType[id] = wire
}
+var errBadCount = gobError{os.NewError("invalid message length")}
+
// recvMessage reads the next count-delimited item from the input. It is the converse
// of Encoder.writeMessage. It returns false on EOF or other error reading the message.
func (dec *Decoder) recvMessage() bool {
dec.err = err
return false
}
+ if nbytes >= 1<<31 {
+ dec.err = errBadCount
+ return false
+ }
dec.readMessage(int(nbytes))
return dec.err == nil
}
}
}
}
+
+// Used to crash: negative count in recvMessage.
+func TestBadCount(t *testing.T) {
+ b := []byte{0xfb, 0xa5, 0x82, 0x2f, 0xca, 0x1}
+ if err := NewDecoder(bytes.NewBuffer(b)).Decode(nil); err == nil {
+ t.Error("expected error from bad count")
+ } else if err.String() != errBadCount.String() {
+ t.Error("expected bad count error; got", err)
+ }
+}