summaryrefslogtreecommitdiffstats
path: root/pb_decode.c
diff options
context:
space:
mode:
Diffstat (limited to 'pb_decode.c')
-rw-r--r--pb_decode.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/pb_decode.c b/pb_decode.c
index 1699091c..78911e7b 100644
--- a/pb_decode.c
+++ b/pb_decode.c
@@ -1035,6 +1035,12 @@ static void pb_release_single_field(const pb_field_iter_t *iter)
if (PB_HTYPE(type) == PB_HTYPE_REPEATED)
{
count = *(pb_size_t*)iter->pSize;
+
+ if (PB_ATYPE(type) == PB_ATYPE_STATIC && count > iter->pos->array_size)
+ {
+ /* Protect against corrupted _count fields */
+ count = iter->pos->array_size;
+ }
}
if (pItem)