From 6f6410b0dc1343296bf20da71de9e6b53798445e7d86ce63d091702da2a2f197 Mon Sep 17 00:00:00 2001
From: Sergey Matveev <stargrave@stargrave.org>
Date: Sun, 6 Oct 2024 12:19:28 +0300
Subject: [PATCH] Do not deal with very large strings

Currently code won't work with them because of the uint64 overflow.
---
 cyac/dec.c  | 9 ++++++---
 cyac/dec.h  | 1 +
 gyac/dec.go | 8 +++++++-
 3 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/cyac/dec.c b/cyac/dec.c
index 35d3960..d8030f8 100644
--- a/cyac/dec.c
+++ b/cyac/dec.c
@@ -55,6 +55,9 @@ YACAtomDecode(struct YACAtom *atom, const unsigned char *buf, const size_t len)
                 ((l < (1 << 16)) && (ll > 2))) {
                 return YACErrLenNonMinimal;
             }
+            if (l > ((uint64_t)(1) << 60)) {
+                return YACErrLenTooBig;
+            }
         }
         atom->off += l;
         if (len < atom->off) {
@@ -65,12 +68,12 @@ YACAtomDecode(struct YACAtom *atom, const unsigned char *buf, const size_t len)
         if (atom->typ == YACItemStr) {
             size_t cpl = 0;
             uint32_t cp = YACUTF8InvalidCp;
-            for (ll = 0; ll < l;) {
-                cpl = YACUTF8CpDecode(&cp, atom->val.buf + ll, l - ll);
+            for (size_t n = 0; n < l;) {
+                cpl = YACUTF8CpDecode(&cp, atom->val.buf + n, l - n);
                 if (cp == YACUTF8InvalidCp) {
                     return YACErrBadUTF8;
                 }
-                ll += cpl;
+                n += cpl;
             }
         }
         return YACErrNo;
diff --git a/cyac/dec.h b/cyac/dec.h
index a2eef5d..f77b53a 100644
--- a/cyac/dec.h
+++ b/cyac/dec.h
@@ -30,6 +30,7 @@ enum YACErr {
     YACErrNotEnough,      // not enough data (atom.off is how much)
     YACErrUnknownType,    // unknown atom's type
     YACErrLenNonMinimal,  // non-minimal string length coding
+    YACErrLenTooBig,      // string length >1<<60
     YACErrBadUTF8,        // invalid UTF-8 codepoint
     YACErrIntZeroByte,    // non-minimal integer coding
     YACErrIntNonMinimal,  // non-minimal integer coding
diff --git a/gyac/dec.go b/gyac/dec.go
index c4ecb30..075804a 100644
--- a/gyac/dec.go
+++ b/gyac/dec.go
@@ -62,6 +62,7 @@ func (raw *Raw) String() string {
 var (
 	ErrNotEnough      = errors.New("not enough data")
 	ErrLenNonMinimal  = errors.New("non-minimal len")
+	ErrLenTooBig      = errors.New("string len >1<<60")
 	ErrIntZeroByte    = errors.New("zero byte int")
 	ErrUnknownType    = errors.New("unknown type")
 	ErrBadUTF8        = errors.New("invalid UTF-8")
@@ -103,7 +104,12 @@ func AtomDecode(buf []byte) (item *Item, off int, err error) {
 				err = ErrNotEnough
 				return
 			}
-			l = int(FromBE(buf[1 : 1+ll]))
+			ul := FromBE(buf[1 : 1+ll])
+			if ul > (1 << 60) {
+				err = ErrLenTooBig
+				return
+			}
+			l = int(ul)
 			if (l < 61) || ((l < (1 << 8)) && (ll > 1)) || ((l < (1 << 16)) && (ll > 2)) {
 				err = ErrLenNonMinimal
 				return
-- 
2.48.1