X-Git-Url: https://gerrit.automotivelinux.org/gerrit/gitweb?a=blobdiff_plain;f=pb_decode.c;h=1e2fea0a627746d61f60b35267f64a9df4eb323e;hb=113bd7ee878ac2284c8c049fdb8dc2d2bd19f016;hp=3992ab86f8c02b8a46c83fcf8bef0dce5f6053a5;hpb=ad7a0e2111aaf599466153097e4c8eebf476244d;p=apps%2Fagl-service-can-low-level.git

diff --git a/pb_decode.c b/pb_decode.c
index 3992ab86..1e2fea0a 100644
--- a/pb_decode.c
+++ b/pb_decode.c
@@ -509,7 +509,8 @@ bool checkreturn pb_dec_bytes(pb_istream_t *stream, const pb_field_t *field, voi
         return false;
     x->size = temp;
     
-    if (x->size > field->data_size)
+    /* Check length, noting the space taken by the size_t header. */
+    if (x->size > field->data_size - offsetof(pb_bytes_array_t, bytes))
         return false;
     
     return pb_read(stream, x->bytes, x->size);
@@ -522,6 +523,7 @@ bool checkreturn pb_dec_string(pb_istream_t *stream, const pb_field_t *field, vo
     if (!pb_decode_varint32(stream, &size))
         return false;
     
+    /* Check length, noting the null terminator */
     if (size > field->data_size - 1)
         return false;