fix(consistent-bincode): overflow when parsing malformed data

huanghongxun · huanghongxun · commit c1a204d73993 · 2025-01-02T14:52:02.000+08:00
diff --git a/float-pigment-consistent-bincode/src/de/mod.rs b/float-pigment-consistent-bincode/src/de/mod.rs
@@ -83,7 +83,12 @@ impl<'de, R: BincodeRead<'de>, O: Options> Deserializer<R, O> {
         let seg_size = O::IntEncoding::deserialize_u32(self)? as usize;
         let ssl = SegmentSizeLimit {
             diff: match self.segment_size_limits.last() {
-                Some(_) => Some(self.reader.barrier() - seg_size),
+                Some(_) => Some(
+                    self.reader
+                        .barrier()
+                        .checked_sub(seg_size)
+                        .ok_or(ErrorKind::InvalidData)?,
+                ),
                 None => None,
             },
         };
diff --git a/float-pigment-consistent-bincode/src/error.rs b/float-pigment-consistent-bincode/src/error.rs
@@ -37,6 +37,8 @@ pub enum ErrorKind {
     Custom(String),
     /// No enough segment data to read.
     SegmentEnded,
+    /// Invalid data
+    InvalidData,
 }
 
 impl serde::de::StdError for ErrorKind {
@@ -52,6 +54,7 @@ impl serde::de::StdError for ErrorKind {
             ErrorKind::SizeLimit => None,
             ErrorKind::Custom(_) => None,
             ErrorKind::SegmentEnded => None,
+            ErrorKind::InvalidData => None,
         }
     }
 }
@@ -85,6 +88,7 @@ impl fmt::Display for ErrorKind {
             ),
             ErrorKind::Custom(ref s) => s.fmt(fmt),
             ErrorKind::SegmentEnded => write!(fmt, "the segment does not contain enough data"),
+            ErrorKind::InvalidData => write!(fmt, "the data is invalid"),
         }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -37,6 +37,8 @@ pub enum ErrorKind {`
`37`	`37`	`Custom(String),`
`38`	`38`	`/// No enough segment data to read.`
`39`	`39`	`SegmentEnded,`
	`40`	`+ /// Invalid data`
	`41`	`+ InvalidData,`
`40`	`42`	`}`
`41`	`43`
`42`	`44`	`impl serde::de::StdError for ErrorKind {`
`@@ -52,6 +54,7 @@ impl serde::de::StdError for ErrorKind {`
`52`	`54`	`ErrorKind::SizeLimit => None,`
`53`	`55`	`ErrorKind::Custom(_) => None,`
`54`	`56`	`ErrorKind::SegmentEnded => None,`
	`57`	`+ ErrorKind::InvalidData => None,`
`55`	`58`	`}`
`56`	`59`	`}`
`57`	`60`	`}`
`@@ -85,6 +88,7 @@ impl fmt::Display for ErrorKind {`
`85`	`88`	`),`
`86`	`89`	`ErrorKind::Custom(ref s) => s.fmt(fmt),`
`87`	`90`	`ErrorKind::SegmentEnded => write!(fmt, "the segment does not contain enough data"),`
	`91`	`+ ErrorKind::InvalidData => write!(fmt, "the data is invalid"),`
`88`	`92`	`}`
`89`	`93`	`}`
`90`	`94`	`}`