Check the return value of int_range_lookup before using as an array index; it can return -1

This commit is contained in:
Sam Collinson 2018-04-15 21:46:55 +10:00 committed by Robert Edmonds
parent 8073f6ee23
commit 9b899c9d3b

View File

@ -2239,6 +2239,8 @@ merge_messages(ProtobufCMessage *earlier_msg,
latter_msg->descriptor latter_msg->descriptor
->field_ranges, ->field_ranges,
*earlier_case_p); *earlier_case_p);
if (field_index < 0)
return FALSE;
field = latter_msg->descriptor->fields + field = latter_msg->descriptor->fields +
field_index; field_index;
} else { } else {
@ -2632,6 +2634,8 @@ parse_oneof_member (ScannedMember *scanned_member,
int_range_lookup(message->descriptor->n_field_ranges, int_range_lookup(message->descriptor->n_field_ranges,
message->descriptor->field_ranges, message->descriptor->field_ranges,
*oneof_case); *oneof_case);
if (field_index < 0)
return FALSE;
const ProtobufCFieldDescriptor *old_field = const ProtobufCFieldDescriptor *old_field =
message->descriptor->fields + field_index; message->descriptor->fields + field_index;
size_t el_size = sizeof_elt_in_repeated_array(old_field->type); size_t el_size = sizeof_elt_in_repeated_array(old_field->type);