From ee66bc7263e3aa5d81dd4725929feb816063155c Mon Sep 17 00:00:00 2001
From: baldurk <baldurk@baldurk.org>
Date: Fri, 19 May 2023 09:57:03 +0100
Subject: Verify array sizes when serialising for strings

* We also limit the array size to 1GB for 32-bit. The 4GB/1GB limit is far
  larger than reasonable for strings but can be handled the same way regardless.
---
 renderdoc/serialise/serialiser.h | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/renderdoc/serialise/serialiser.h b/renderdoc/serialise/serialiser.h
index 541a9ce7c..0dd3d2bec 100644
--- a/renderdoc/serialise/serialiser.h
+++ b/renderdoc/serialise/serialiser.h
@@ -727,7 +727,7 @@ public:
       arr.ReserveChildren((size_t)size);
 
       if(IsReading())
-        el.resize((int)size);
+        el.resize((size_t)size);
 
       if(m_LazyThreshold > 0 && size > m_LazyThreshold)
       {
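Review bot: Nothing in this hunk shows `size` being bounded before `arr.ReserveChildren((size_t)size)` and `el.resize((size_t)size)`, and the same holds for the `el.resize((size_t)size)` in the next hunk. With the old `(int)` cast gone, a large count read from the stream is now passed through unchanged, so these allocations depend entirely on a check made earlier in the function, presumably `VerifyArraySize`. That check compares an element count against the stream's byte size, so for element types wider than one byte the resize can still request several times the input size. If the check does run above, a short comment at the resize would record it, e.g. `// size already validated by VerifyArraySize(); bound is in elements, not bytes`. Both functions start and end outside the hunks.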
@@ -762,7 +762,7 @@ public:
     else
     {
       if(IsReading())
-        el.resize((int)size);
+        el.resize((size_t)size);
 
       for(size_t i = 0; i < (size_t)size; i++)
         SerialiseDispatch<Serialiser, U>::Do(*this, el[i]);
@@ -1311,7 +1311,8 @@ public:
     if(IsReading())
     {
       m_Read->Read(len);
-      el.resize((int)len);
+      VerifyArraySize(len);
+      el.resize((size_t)len);
       if(len > 0)
         m_Read->Read(&el[0], len);
     }
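Review bot: The `el.resize((size_t)len)` and `m_Read->Read(&el[0], len)` that follow the new `VerifyArraySize(len)` call are only safe if that call rewrites `len` when the check fails, and nothing at the call site says so. It takes its argument by non-const reference, which suggests this, but the code that handles a rejected count is outside the visible hunks, so the behaviour is inferred. A one-line comment above the call would make the dependency explicit, e.g. `// VerifyArraySize() may modify len in place on failure; the resize and Read below rely on the checked value`. The enclosing function starts and ends outside the hunk.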
@@ -1426,13 +1427,20 @@ private:
     }
   };
 
-  void VerifyArraySize(uint64_t &count)
+  template <typename intSize>
+  void VerifyArraySize(intSize &count)
   {
     uint64_t size = m_Read->GetSize();
 
-    // for streaming, just take 4GB as a 'semi reasonable' upper limit for array sizes
+// for streaming, just take 4GB as a 'semi reasonable' upper limit for array sizes
+// use 1GB on 32-bit to avoid overflows
+#if ENABLED(RDOC_X64)
     if(m_DataStreaming)
       size = 0xFFFFFFFFU;
+#else
+    if(m_DataStreaming)
+      size = 0x3FFFFFFFU;
+#endif
 
     if(count > size)
     {
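Review bot: The 1GB cap for 32-bit builds is applied only inside `if(m_DataStreaming)`, so on the non-streaming path `size` stays at `m_Read->GetSize()`, a `uint64_t` that a sufficiently large input could push past what `size_t` can hold on a 32-bit build. The callers in this patch cast the verified count with `(size_t)`, which would truncate silently in that case. Applying the clamp in the `#else` branch regardless of streaming would close the gap, e.g. `if(m_DataStreaming || size > 0x3FFFFFFFU) size = 0x3FFFFFFFU;`. The body of the `if(count > size)` branch is cut off at the end of the hunk, so how a rejected count is handled cannot be confirmed from here.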
-- 
2.30.2

