diff options
author | Jisi Liu <liujisi@google.com> | 2017-10-19 10:48:54 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-10-19 10:48:54 -0700 |
commit | 07b9238a1c03ef0351bcb4ca57d773eb7b7c5824 (patch) | |
tree | 21e26d76c08b02cdcffb944afb29916a59c182be /js/binary/decoder.js | |
parent | 9c407a16e4b64e8329da8508a56dd4ba260ebcd5 (diff) | |
parent | 2ee294d80b8d6841bcd1149f62180bb18d671033 (diff) | |
download | protobuf-07b9238a1c03ef0351bcb4ca57d773eb7b7c5824.tar.gz protobuf-07b9238a1c03ef0351bcb4ca57d773eb7b7c5824.tar.bz2 protobuf-07b9238a1c03ef0351bcb4ca57d773eb7b7c5824.zip |
Merge pull request #3770 from pherl/3.5-integrate
Integrate google internal changes for the up coming 3.5 release.
Diffstat (limited to 'js/binary/decoder.js')
-rw-r--r-- | js/binary/decoder.js | 27 |
1 files changed, 12 insertions, 15 deletions
diff --git a/js/binary/decoder.js b/js/binary/decoder.js index 313d6f3f..4ec3cada 100644 --- a/js/binary/decoder.js +++ b/js/binary/decoder.js @@ -583,27 +583,24 @@ jspb.BinaryDecoder.prototype.readUnsignedVarint32 = function() { x |= (temp & 0x0F) << 28; if (temp < 128) { // We're reading the high bits of an unsigned varint. The byte we just read - // also contains bits 33 through 35, which we're going to discard. Those - // bits _must_ be zero, or the encoding is invalid. - goog.asserts.assert((temp & 0xF0) == 0); + // also contains bits 33 through 35, which we're going to discard. this.cursor_ += 5; goog.asserts.assert(this.cursor_ <= this.end_); return x >>> 0; } - // If we get here, we're reading the sign extension of a negative 32-bit int. - // We can skip these bytes, as we know in advance that they have to be all - // 1's if the varint is correctly encoded. Since we also know the value is - // negative, we don't have to coerce it to unsigned before we return it. - - goog.asserts.assert((temp & 0xF0) == 0xF0); - goog.asserts.assert(bytes[this.cursor_ + 5] == 0xFF); - goog.asserts.assert(bytes[this.cursor_ + 6] == 0xFF); - goog.asserts.assert(bytes[this.cursor_ + 7] == 0xFF); - goog.asserts.assert(bytes[this.cursor_ + 8] == 0xFF); - goog.asserts.assert(bytes[this.cursor_ + 9] == 0x01); + // If we get here, we need to truncate coming bytes. However we need to make + // sure cursor place is correct. + this.cursor_ += 5; + if (bytes[this.cursor_++] >= 128 && + bytes[this.cursor_++] >= 128 && + bytes[this.cursor_++] >= 128 && + bytes[this.cursor_++] >= 128 && + bytes[this.cursor_++] >= 128) { + // If we get here, the varint is too long. + goog.asserts.assert(false); + } - this.cursor_ += 10; goog.asserts.assert(this.cursor_ <= this.end_); return x; }; |