From 0120a8f239d3d0e4790258107e1bb6566d7ce0dc Mon Sep 17 00:00:00 2001 From: Roman Khimov Date: Wed, 7 Oct 2020 23:08:20 +0300 Subject: [PATCH] stackitem: limit buffer/bytearray reads upon deserialization This is not the way it's done in C#, but that's the most sensible approach to me. --- pkg/vm/stackitem/serialization.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/vm/stackitem/serialization.go b/pkg/vm/stackitem/serialization.go index f9a9c7390..f6b603718 100644 --- a/pkg/vm/stackitem/serialization.go +++ b/pkg/vm/stackitem/serialization.go @@ -98,7 +98,7 @@ func DecodeBinaryStackItem(r *io.BinReader) Item { switch t { case ByteArrayT, BufferT: - data := r.ReadVarBytes() + data := r.ReadVarBytes(MaxSize) return NewByteArray(data) case BooleanT: var b = r.ReadBool()