commit 485044b19c85e4c50df34fd508d49838c0f5ee67
author Kasun Athukorala <kasunath@google.com> Tue Jul 15 00:59:36 2025 +0000
committer Kasun Athukorala <kasunath@google.com> Tue Jul 15 04:36:57 2025 +0000
tree 959485515d57dc540d3f35a2e8df7b7aede4c7f9
parent 9eb0117f0f5e5ed8ffe82d51f70d7af3b9baf6a0

bej_decoder: Check decoded string length

We need to check the bejString value lengths to prevent heap
buffer overflow

Tested:
Unit tested

Change-Id: Ie6a014fbffeb31f111bfbae331db197b3fb2f2ca
Signed-off-by: Kasun Athukorala <kasunath@google.com>

src/bej_decoder_core.c

diff --git a/src/bej_decoder_core.c b/src/bej_decoder_core.c
index e240d99..2536ed1 100644
--- a/src/bej_decoder_core.c
+++ b/src/bej_decoder_core.c
@@ -546,9 +546,10 @@
     }
     else
     {
-        RETURN_IF_CALLBACK_IERROR(params->decodedCallback->callbackString,
-                                  propName, (const char*)(params->sflv.value),
-                                  params->callbacksDataPtr);
+        RETURN_IF_CALLBACK_IERROR(
+            params->decodedCallback->callbackString, propName,
+            (const char*)(params->sflv.value), params->sflv.valueLength,
+            params->callbacksDataPtr);
     }
     params->state.encodedStreamOffset = params->sflv.valueEndOffset;
     return bejProcessEnding(params, /*canBeEmpty=*/false);