diff --git a/src/io-util.cc b/src/io-util.cc
index 20e3d45d..6ce44b3a 100644
--- a/src/io-util.cc
+++ b/src/io-util.cc
@@ -278,14 +278,23 @@ bool ReadWholeFile(std::vector *out, std::string *err,
 }
 return false;
 }
- size_t size = AAsset_getLength(asset);
- if (size == 0) {
+ off_t len = AAsset_getLength(asset);
+ if (len <= 0) {
 if (err) {
 (*err) += "Invalid file size : " + filepath +
 " (does the path point to a directory?)";
 }
 return false;
 }
+ size_t size = size_t(len);
+
+ if (size >= filesize_max) {
+ (*err) += "File size exceeds filesize_max : " + filepath +
+ " (filesize_max " + std::to_string(filesize_max) + ")";
+
+ return false;
+ }
+
 out->resize(size);
 AAsset_read(asset, reinterpret_cast(&out->at(0)), size);
 AAsset_close(asset);
@@ -400,8 +409,8 @@ bool ReadFileHeader(std::vector *out, std::string *err,
 }
 return false;
 }
- size_t size = AAsset_getLength(asset);
- if (size == 0) {
+ off_t len = AAsset_getLength(asset);
+ if (len <= 0) {
 if (err) {
 (*err) += "Invalid file size : " + filepath +
 " (does the path point to a directory?)";
@@ -409,6 +418,8 @@ bool ReadFileHeader(std::vector *out, std::string *err,
 return false;
 }
+ size_t size = size_t(len);
+ size = (std::min)(size_t(max_read_bytes), size);
 out->resize(size);
 AAsset_read(asset, reinterpret_cast(&out->at(0)), size);
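Review bot: The new `size >= filesize_max` branch in ReadWholeFile writes `(*err) += …` without the `if (err)` guard that the `len <= 0` branch just above it uses, so a caller passing a null `err` crashes on exactly the oversized-file path this check is meant to reject cleanly. The same branch returns without `AAsset_close(asset)`, as does the `len <= 0` return here and in the first ReadFileHeader hunk, so every rejected asset leaves its handle open. I would wrap the message in `if (err) { … }` and put `AAsset_close(asset);` before each `return false;`. The message says "exceeds" while the test is `>=`; whether a file of exactly `filesize_max` bytes should be rejected depends on how the non-Android path compares, which is outside this hunk.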
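Review bot: The `AAsset_read(...)` call that consumes the clamped `size` in ReadFileHeader ignores its return value, so a short or failed read (it returns the byte count, or a negative value on error) leaves the rest of `out` holding whatever `resize` put there, and the caller then parses that as header bytes. Checking it, for example `int n = AAsset_read(...); if (n < 0 || size_t(n) != size) { AAsset_close(asset); return false; }`, closes that gap; the ReadWholeFile hunk has the same unchecked call. Separately, if `max_read_bytes` can be 0 (its type and callers are not visible here), `size` becomes 0 and `out->at(0)` throws `std::out_of_range` with the asset still open. The function body continues outside this hunk.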