diff --git a/swift/Sources/FlatBuffers/Verifiable.swift b/swift/Sources/FlatBuffers/Verifiable.swift index 42259e6f3..9f4bcf6d7 100644 --- a/swift/Sources/FlatBuffers/Verifiable.swift +++ b/swift/Sources/FlatBuffers/Verifiable.swift @@ -56,8 +56,15 @@ extension Verifiable { let len: UOffset = try verifier.getValue(at: position) let intLen = Int(len) let start = Int(clamping: (position &+ MemoryLayout.size).magnitude) + let byteCount = intLen.multipliedReportingOverflow( + by: MemoryLayout.size) + guard !byteCount.overflow else { + throw FlatbuffersErrors.outOfBounds( + position: UInt.max, + end: verifier.capacity) + } try verifier.isAligned(position: start, type: type.self) - try verifier.rangeInBuffer(position: start, size: intLen) + try verifier.rangeInBuffer(position: start, size: byteCount.partialValue) return (start, intLen) } } diff --git a/tests/swift/Tests/Flatbuffers/FlatbuffersVerifierTests.swift b/tests/swift/Tests/Flatbuffers/FlatbuffersVerifierTests.swift index b116f1d9c..b4c94ca25 100644 --- a/tests/swift/Tests/Flatbuffers/FlatbuffersVerifierTests.swift +++ b/tests/swift/Tests/Flatbuffers/FlatbuffersVerifierTests.swift @@ -411,6 +411,27 @@ final class FlatbuffersVerifierTests { } } + @Test(.bug("https://github.com/google/flatbuffers/issues/9082")) + func testRejectsTruncatedScalarVector() { + // swiftformat:disable all + var byteBuffer = ByteBuffer(bytes: [ + 16, 0, 0, 0, + 6, 0, 8, 0, + 4, 0, 0, 0, + 0, 0, 0, 0, + 12, 0, 0, 0, + 8, 0, 0, 0, + 0, 0, 0, 0, + 2, 0, 0, 0, + 65, 66, + ]) + // swiftformat:enable all + + #expect(throws: FlatbuffersErrors.self) { + try getCheckedRoot(byteBuffer: &byteBuffer) as Swift_Tests_Vectors + } + } + @Test func testValidUnionBuffer() { let string = "Awesome \\\\t\t\nstring!"