Limit chunk's size too

diff --git a/cyac/iter.c b/cyac/iter.c
index 89f5ce9a6d165e37774f76df97470733ac02fe073b3d98baeb80e1f78c7fa8d3..ddb16c11167ca5a8dafbba36852ed6c31c16c9c02f2d4514fc6afd481ada0bdb 100644 (file)
--- a/cyac/iter.c
+++ b/cyac/iter.c
@@ -122,6 +122,9 @@ YACIterBlob(
     if (chunkLen == 0) {
         return YACErrBlobBadLen;
     }
+    if (chunkLen > ((uint64_t)(1) << 60)) {
+        return YACErrLenTooBig;
+    }
     atom->typ = YACItemChunkLen;
     err = cb(NULL, 0, 0, cbState, atom, off, buf, len);
     if (err != YACErrNo) {

diff --git a/gyac/dec.go b/gyac/dec.go
index 075804ace25e08b731830744da566e0fd9478bc817f2c80df3e732553eb5297b..c805f522cc8d39ad9f5f0f79da61f27745b71b62cc91b9e1bac23154a884bace 100644 (file)
--- a/gyac/dec.go
+++ b/gyac/dec.go
@@ -269,11 +269,11 @@ func AtomDecode(buf []byte) (item *Item, off int, err error) {
 func DecodeItem(buf []byte) (item *Item, tail []byte, err error) {
        var off int
        item, off, err = AtomDecode(buf)
-       buf = buf[off:]
-       tail = buf
        if err != nil {
                return
        }
+       buf = buf[off:]
+       tail = buf
        switch ItemType(item.T) {
        case ItemList:
                var sub *Item
@@ -344,6 +344,10 @@ func DecodeItem(buf []byte) (item *Item, tail []byte, err error) {
                        err = ErrBlobBadLen
                        return
                }
+               if sub.V.(uint64) > (1 << 60) {
+                       err = ErrLenTooBig
+                       return
+               }
                chunkLen := int(sub.V.(uint64))
                if chunkLen == 0 {
                        err = ErrBlobBadLen