From 1527fea95b1b39c9fb76f1abe9f1bb633f2c7d30 Mon Sep 17 00:00:00 2001 From: xiyoo0812 Date: Sun, 8 Oct 2023 11:02:23 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E6=95=B0=E7=BB=84=E7=B1=BB?= =?UTF-8?q?=E5=9E=8B=E5=88=A4=E5=AE=9A?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- extend/lbson/src/bson.h | 4 ++++ extend/ljson/src/ljson.h | 4 ++++ extend/luakit/include/lua_codec.h | 4 ++++ 3 files changed, 12 insertions(+) diff --git a/extend/lbson/src/bson.h b/extend/lbson/src/bson.h index 4249159a..d55f9485 100644 --- a/extend/lbson/src/bson.h +++ b/extend/lbson/src/bson.h @@ -205,6 +205,10 @@ namespace lbson { if (!lua_isinteger(L, -2)) { return bson_type::BSON_DOCUMENT; } + size_t key = lua_tointeger(L, -2); + if (key <= 0 || key > raw_len) { + return bson_type::BSON_DOCUMENT; + } cur_len++; lua_pop(L, 1); } diff --git a/extend/ljson/src/ljson.h b/extend/ljson/src/ljson.h index 4ad41863..771b4f57 100644 --- a/extend/ljson/src/ljson.h +++ b/extend/ljson/src/ljson.h @@ -62,6 +62,10 @@ namespace ljson { if (!lua_isinteger(L, -2)) { return false; } + size_t key = lua_tointeger(L, -2); + if (key <= 0 || key > raw_len) { + return false; + } lua_pop(L, 1); cur_len++; } diff --git a/extend/luakit/include/lua_codec.h b/extend/luakit/include/lua_codec.h index 78017b8f..39723e0e 100644 --- a/extend/luakit/include/lua_codec.h +++ b/extend/luakit/include/lua_codec.h @@ -56,6 +56,10 @@ namespace luakit { if (!lua_isinteger(L, -2)) { return false; } + size_t key = lua_tointeger(L, -2); + if (key <= 0 || key > raw_len) { + return false; + } cur_len++; lua_pop(L, 1); }