diff --git a/base/src/parcel.cpp b/base/src/parcel.cpp index 1dfe9311cf8100a0406f9d4a82731b06ce7fb432..991c669aca9572b03dd9fa5550695fe3a6c6736f 100644 --- a/base/src/parcel.cpp +++ b/base/src/parcel.cpp @@ -960,7 +960,7 @@ const std::string Parcel::ReadString() int32_t dataLength = 0; size_t oldCursor = readCursor_; - if (!Read(dataLength) || dataLength < 0) { + if (!Read(dataLength) || dataLength < 0 || dataLength >= INT32_MAX) { return std::string(); } @@ -985,7 +985,7 @@ bool Parcel::ReadString(std::string &value) int32_t dataLength = 0; size_t oldCursor = readCursor_; - if (!Read(dataLength) || dataLength < 0) { + if (!Read(dataLength) || dataLength < 0 || dataLength >= INT32_MAX) { value = std::string(); return false; } @@ -1013,7 +1013,7 @@ const std::u16string Parcel::ReadString16() int32_t dataLength = 0; size_t oldCursor = readCursor_; - if (!Read(dataLength) || dataLength < 0) { + if (!Read(dataLength) || dataLength < 0 || dataLength >= INT32_MAX) { return std::u16string(); } @@ -1038,7 +1038,7 @@ bool Parcel::ReadString16(std::u16string &value) int32_t dataLength = 0; size_t oldCursor = readCursor_; - if (!Read(dataLength) || dataLength < 0) { + if (!Read(dataLength) || dataLength < 0 || dataLength >= INT32_MAX) { value = std::u16string(); return false; } @@ -1070,7 +1070,7 @@ const std::u16string Parcel::ReadString16WithLength(int32_t &readLength) return std::u16string(); } - if (dataLength < 0) { + if (dataLength < 0 || dataLength >= INT32_MAX) { readLength = dataLength; return std::u16string(); } @@ -1101,7 +1101,7 @@ const std::string Parcel::ReadString8WithLength(int32_t &readLength) return std::string(); } - if (dataLength < 0) { + if (dataLength < 0 || dataLength >= INT32_MAX) { readLength = dataLength; return std::string(); }