-rw-r--r--fuzzer/httpresponse-data/crash-fd5521adc1d02a7232343401c8bc9ad881d14847bin0 -> 194 bytes
-rw-r--r--net/HttpRequest.cpp5
2 files changed, 5 insertions, 0 deletions
diff --git a/fuzzer/httpresponse-data/crash-fd5521adc1d02a7232343401c8bc9ad881d14847 b/fuzzer/httpresponse-data/crash-fd5521adc1d02a7232343401c8bc9ad881d14847
new file mode 100644
index 0000000000..e28f3d49f2
--- /dev/null
+++ b/fuzzer/httpresponse-data/crash-fd5521adc1d02a7232343401c8bc9ad881d14847
Binary files differ
diff --git a/net/HttpRequest.cpp b/net/HttpRequest.cpp
index 9f5d0dc30b..0eceaedc09 100644
--- a/net/HttpRequest.cpp
+++ b/net/HttpRequest.cpp
@@ -553,6 +553,11 @@ int64_t Response::readData(const char* p, int64_t len)
if (digit < 0)
break;
+ if (chunkLen >= (std::numeric_limits<int64_t>::max() - digit) / 16)
+ {
+ // Would not fit into chunkLen.
+ return len - available;
+ }
chunkLen = chunkLen * 16 + digit;
}
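Review bot: The new overflow branch returns `len - available`, which reads like the consumed-byte count an ordinary partial read would produce, so a caller may be unable to tell a malformed chunk-size line from "need more data". The rest of readData lies outside this hunk, so confirm how it reports a parse error and use that path here, with a log line recording the rejection. The guard only prevents signed overflow: a length just below the limit still passes and feeds whatever arithmetic follows. A bound on the chunk size or on the number of hex digits would be tighter, for example `if (chunkLen > kMaxChunkLen) { /* reject */ }`, where `kMaxChunkLen` is a placeholder for a project-chosen constant. Also check that `<limits>` is included in this file, since the hunk does not show it.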