From 93cc15428f8059e914c318ebbbc706adb1a8d7f6 Mon Sep 17 00:00:00 2001
From: lijincheng <lijincheng13@huawei.com>
Date: Mon, 28 Aug 2023 20:16:11 +0800
Subject: [PATCH] [Bug] Parcel module lack length detection in extreme cases,
 leading to the risk of numerical overflow

1.If the datalength exceeds the supported length, intercept it to prevent subsequent calculations from occurring

Issue:https://gitee.com/openharmony/commonlibrary_c_utils/issues/I7WM9L
Signed-off-by: lijincheng <lijincheng13@huawei.com>
---
 base/src/parcel.cpp | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/base/src/parcel.cpp b/base/src/parcel.cpp
index 1dfe931..991c669 100644
--- a/base/src/parcel.cpp
+++ b/base/src/parcel.cpp
@@ -960,7 +960,7 @@ const std::string Parcel::ReadString()
     int32_t dataLength = 0;
     size_t oldCursor = readCursor_;
 
-    if (!Read<int32_t>(dataLength) || dataLength < 0) {
+    if (!Read<int32_t>(dataLength) || dataLength < 0 || dataLength >= INT32_MAX) {
         return std::string();
     }
 
@@ -985,7 +985,7 @@ bool Parcel::ReadString(std::string &value)
     int32_t dataLength = 0;
     size_t oldCursor = readCursor_;
 
-    if (!Read<int32_t>(dataLength) || dataLength < 0) {
+    if (!Read<int32_t>(dataLength) || dataLength < 0 || dataLength >= INT32_MAX) {
         value = std::string();
         return false;
     }
@@ -1013,7 +1013,7 @@ const std::u16string Parcel::ReadString16()
     int32_t dataLength = 0;
     size_t oldCursor = readCursor_;
 
-    if (!Read<int32_t>(dataLength) || dataLength < 0) {
+    if (!Read<int32_t>(dataLength) || dataLength < 0 || dataLength >= INT32_MAX) {
         return std::u16string();
     }
 
@@ -1038,7 +1038,7 @@ bool Parcel::ReadString16(std::u16string &value)
     int32_t dataLength = 0;
     size_t oldCursor = readCursor_;
 
-    if (!Read<int32_t>(dataLength) || dataLength < 0) {
+    if (!Read<int32_t>(dataLength) || dataLength < 0 || dataLength >= INT32_MAX) {
         value = std::u16string();
         return false;
     }
@@ -1070,7 +1070,7 @@ const std::u16string Parcel::ReadString16WithLength(int32_t &readLength)
         return std::u16string();
     }
 
-    if (dataLength < 0) {
+    if (dataLength < 0 || dataLength >= INT32_MAX) {
         readLength = dataLength;
         return std::u16string();
     }
@@ -1101,7 +1101,7 @@ const std::string Parcel::ReadString8WithLength(int32_t &readLength)
         return std::string();
     }
 
-    if (dataLength < 0) {
+    if (dataLength < 0 || dataLength >= INT32_MAX) {
         readLength = dataLength;
         return std::string();
     }
-- 
Gitee