diff --git a/Pod/Classes/VOKBenkode.h b/Pod/Classes/VOKBenkode.h
index 63b8de2..b0ad261 100644
--- a/Pod/Classes/VOKBenkode.h
+++ b/Pod/Classes/VOKBenkode.h
@@ -23,6 +23,8 @@ enum {
 VOKBenkodeErrorStringMissingColon,
 /// Read an apparently-negative string length.
 VOKBenkodeErrorStringLengthNegative,
+ /// Read a string length that exceeded NSUIntegerMax.
+ VOKBenkodeErrorStringLengthExceedesNSUIntegerMax,
 /// Read a malformed string length.
 VOKBenkodeErrorStringLengthMalformed,
 /// The length of the string indicates more data than was passed in.
diff --git a/Pod/Classes/VOKBenkode.m b/Pod/Classes/VOKBenkode.m
index ff85162..be067c2 100644
--- a/Pod/Classes/VOKBenkode.m
+++ b/Pod/Classes/VOKBenkode.m
@@ -423,10 +423,19 @@ + (NSString *)decodeString:(NSData *)data
 }
 return nil;
 }
- long long stringLength = [buffer longLongValue];
+ long long llStringLength = [buffer longLongValue];
+ // Is the string length beyond what can be represented in an NSUInteger? (NSMakeRange takes NSUInteger inputs, so...)
+ if (llStringLength > NSUIntegerMax) {
+ if (error) {
+ *error = [NSError errorWithDomain:VOKBenkodeErrorDomain
+ code:VOKBenkodeErrorStringLengthExceedesNSUIntegerMax
+ userInfo:nil];
+ }
+ return nil;
+ }
 
 // Is the string length negative?
- if (stringLength < 0) {
+ if (llStringLength < 0) {
 if (error) {
 *error = [NSError errorWithDomain:VOKBenkodeErrorDomain
 code:VOKBenkodeErrorStringLengthNegative
@@ -435,8 +444,11 @@ + (NSString *)decodeString:(NSData *)data
 return nil;
 }
 
+ // Safe to cast to NSUInteger (in the interval [0, NSUIntegerMax]).
+ NSUInteger stringLength = (NSUInteger)llStringLength;
+
 // Is the string length properly formatted (no leading 0s, etc.)?
- if (![buffer isEqualToString:[NSString stringWithFormat:@"%lld", stringLength]]) {
+ if (![buffer isEqualToString:[NSString stringWithFormat:@"%@", @(stringLength)]]) {
 if (error) {
 *error = [NSError errorWithDomain:VOKBenkodeErrorDomain
 code:VOKBenkodeErrorStringLengthMalformed
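Review bot: The new `VOKBenkodeErrorStringLengthExceedesNSUIntegerMax` case is inserted in the middle of the enum, so unless the cases carry explicit values (none are visible in this hunk) `VOKBenkodeErrorStringLengthMalformed` and every later code shift by one. That silently changes the meaning of any numeric `code` that callers compare against, log or persist. Appending the case at the end of the enum, or giving each case an explicit value, keeps the existing codes stable. The identifier also misspells "Exceeds"; as this is public header API it is cheaper to rename it to `VOKBenkodeErrorStringLengthExceedsNSUIntegerMax` now, here and at its use in VOKBenkode.m. The enum starts and ends outside the hunk.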
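Review bot: The guard `if (llStringLength > NSUIntegerMax)` compares a signed `long long` with an unsigned constant before the negative check has run, so its outcome depends on implicit integer conversion. Where `NSUInteger` is 64 bits wide the left operand is converted to unsigned and the branch can never be taken; only on 32-bit targets does it reject anything. Running the `llStringLength < 0` check first and then writing the conversion out, `if ((unsigned long long)llStringLength > NSUIntegerMax) {`, states the intent and avoids a sign-compare warning. A short comment that this length is read from untrusted input would also help the next reader. The body of decodeString continues outside the hunk.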
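Review bot: The cast on the `NSUInteger stringLength = (NSUInteger)llStringLength;` line bounds the length only by the type, not by the input, so the later comparison against the data length (outside this hunk, presumably the one that reports "more data than was passed in") must be written so it cannot wrap. On 32-bit targets a length near `NSUIntegerMax` added to the current position overflows and would slip past a test shaped like `offset + stringLength > data.length`. Comparing against the remaining bytes instead, for example `if (stringLength > data.length - offset)`, avoids that; `offset` here is a placeholder for whatever the method uses to track its position. A test with a length prefix just below and just above `NSUIntegerMax` would pin both the new error code and that bounds check.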