You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
auto type_vec = table.GetPointer<Vector<uint8_t> *>(vec_field.offset() -
sizeof(voffset_t));
if (!v.VerifyVector(type_vec)) returnfalse;
for (uoffset_t j = 0; j < vec->size(); j++) {
// get union type from the prev field
auto utype = type_vec->Get(j);
auto elem = vec->Get(j);
if (!VerifyUnion(v, schema, utype, elem, vec_field)) returnfalse;
}
If the code is not compiled with NDEBUG, the out-of-bounds access will be caught by the assert in Get(). However, this is a potential security problem for release builds operating on untrusted flatbuffers.
The text was updated successfully, but these errors were encountered:
The length of the type vector is not checked when verifying a vector of unions. Instead, the code assumes that it is as long as the value vector:
flatbuffers/src/reflection.cpp
Lines 152 to 160 in bd1b2d0
If the code is not compiled with
NDEBUG, the out-of-bounds access will be caught by the assert inGet(). However, this is a potential security problem for release builds operating on untrusted flatbuffers.The text was updated successfully, but these errors were encountered: