From fa4b181790bc6b5b4dc5efda7da853a38412c8ac Mon Sep 17 00:00:00 2001
From: ShangzhiXu <1986192214@qq.com>
Date: Fri, 6 Mar 2026 10:07:44 +0000
Subject: [PATCH] Fix heap buffer overflow in StructDef Deserialize

---
 src/idl_parser.cpp | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/idl_parser.cpp b/src/idl_parser.cpp
index caeca93d253..298e9a960ae 100644
--- a/src/idl_parser.cpp
+++ b/src/idl_parser.cpp
@@ -4130,7 +4130,13 @@ bool StructDef::Deserialize(Parser& parser, const reflection::Object* object) {
 sortbysize = attributes.Lookup("original_order") == nullptr && !fixed;
 const auto& of = *(object->fields());
 auto indexes = std::vector(of.size());
- for (uoffset_t i = 0; i < of.size(); i++) indexes[of.Get(i)->id()] = i;
+ for (uoffset_t i = 0; i < of.size(); i++)
+ {
+ if (of.Get(i)->id() >= of.size()) {
+ return false;
+ }
+ indexes[of.Get(i)->id()] = i;
+ }
 size_t tmp_struct_size = 0;
 for (size_t i = 0; i < indexes.size(); i++) {
 auto field = of.Get(indexes[i]);
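Review bot: The new bound check on the `if (of.Get(i)->id() >= of.size())` line stops the out-of-range write, but it does not reject duplicate ids, so two fields sharing an id leave one slot of `indexes` at its zero-initialised value and the following `for (size_t i = 0; i < indexes.size(); i++)` loop then processes field 0 twice while silently skipping the other — in bounds, but an inconsistent struct built from malformed reflection data that should fail the same way as an out-of-range id. The added loop also calls `of.Get(i)->id()` twice and puts the opening `{` on its own line, whereas the neighbouring `for (size_t i = 0; i < indexes.size(); i++) {` keeps it on the loop line; hoisting the id into a local and matching the brace style would fix both. The `indexes` element type and the rest of StructDef::Deserialize lie outside the hunk, and whether `object` has already passed a flatbuffers verifier (which is what makes the `of.Get(i)` dereference safe) cannot be confirmed from here, so a comment stating that precondition would be worth adding near the top of the function. Rewritten loop:

```cpp
  // Build id -> position map; ids come from serialized reflection data, so
  // reject any id that is out of range or used twice (either would corrupt
  // the ordering below, the former via an out-of-bounds write).
  std::vector<bool> seen(of.size(), false);
  for (uoffset_t i = 0; i < of.size(); i++) {
    const auto id = of.Get(i)->id();
    if (id >= of.size() || seen[id]) return false;
    seen[id] = true;
    indexes[id] = i;
  }
  // … unchanged: size accumulation loop over indexes …
```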