Skip to content
This repository has been archived by the owner on Feb 3, 2023. It is now read-only.

Commit

Permalink
Guard against possible overflow bug in NetworkBinaryStream
Browse files Browse the repository at this point in the history
  • Loading branch information
@dktapps
dktapps committed Oct 26, 2018
1 parent b0624af commit 9b820a0
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion src/pocketmine/network/mcpe/NetworkBinaryStream.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -109,7 +109,12 @@ public function putSlot(Item $item) : void{
$this->putVarInt($auxValue);

$nbt = $item->getCompoundTag();
$this->putLShort(strlen($nbt));
$nbtLen = strlen($nbt);
if($nbtLen > 32767){
throw new \InvalidArgumentException("NBT encoded length must be < 32768, got $nbtLen bytes");
}

$this->putLShort($nbtLen);
$this->put($nbt);

$this->putVarInt(0); //CanPlaceOn entry count (TODO)
Expand Down

0 comments on commit 9b820a0

Please sign in to comment.