From fc3c3cba482dd8bc797c07311d6b4b829fcb06ea Mon Sep 17 00:00:00 2001
From: Petteri Hintsanen <petterih@iki.fi>
Date: Sun, 10 Mar 2024 23:30:11 -0400
Subject: [PATCH] (bindat--unpack-item): Sanitize vector length

Copyright-paperwork-exempt: yes

* lisp/emacs-lisp/bindat.el (bindat--unpack-item): Sanitize vector length

(cherry picked from commit ed43ad5b5652aed075348357121d9193256721c0)
---
 lisp/emacs-lisp/bindat.el | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lisp/emacs-lisp/bindat.el b/lisp/emacs-lisp/bindat.el
index 73745e8c7ac..a2161022a89 100644
--- a/lisp/emacs-lisp/bindat.el
+++ b/lisp/emacs-lisp/bindat.el
@@ -204,6 +204,9 @@
    ('str (bindat--unpack-str len))
    ('strz (bindat--unpack-strz len))
    ('vec
+    (when (> len (length bindat-raw))
+      (error "Vector length %d is greater than raw data length %d."
+             len (length bindat-raw)))
     (let ((v (make-vector len 0)) (vlen 1))
       (if (consp vectype)
 	  (setq vlen (nth 1 vectype)
-- 
2.39.5