From: Petteri Hintsanen <petterih@iki.fi>
Date: Mon, 11 Mar 2024 03:30:11 +0000 (-0400)
Subject: (bindat--unpack-item): Sanitize vector length
X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=fc3c3cba482dd8bc797c07311d6b4b829fcb06ea;p=emacs.git

(bindat--unpack-item): Sanitize vector length

Copyright-paperwork-exempt: yes

* lisp/emacs-lisp/bindat.el (bindat--unpack-item): Sanitize vector length

(cherry picked from commit ed43ad5b5652aed075348357121d9193256721c0)
---

diff --git a/lisp/emacs-lisp/bindat.el b/lisp/emacs-lisp/bindat.el
index 73745e8c7ac..a2161022a89 100644
--- a/lisp/emacs-lisp/bindat.el
+++ b/lisp/emacs-lisp/bindat.el
@@ -204,6 +204,9 @@
    ('str (bindat--unpack-str len))
    ('strz (bindat--unpack-strz len))
    ('vec
+    (when (> len (length bindat-raw))
+      (error "Vector length %d is greater than raw data length %d."
+             len (length bindat-raw)))
     (let ((v (make-vector len 0)) (vlen 1))
       (if (consp vectype)
 	  (setq vlen (nth 1 vectype)