The size field of maps, arrays and fields represents the whole storage size for the item.
When creating a new internal decoder (e.g. see ecbor_get_array_item() in normal mode), we use this size incorrectly to set the memory bound, since the provided buffer is not the start of the item but the start of the children.
This could lead to a buffer overflow on incorrect use of the API (e.g. if index is larger than length).
We must subtract the item's header size from the total size when creating these decoders. Ideally, we could achieve this without using a new field.
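The bound arithmetic described in this issue, as an added example that is not ecbor's own code: `item_view_t`, `cbor_header_len()`, `child_bound_buggy()`, `child_bound_fixed()` and `overshoot()` are hypothetical names, and the sample bytes are constructed. It derives the header length from the CBOR initial byte instead of storing it in a new field.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical item view (not ecbor's struct): size covers header + children. */
typedef struct {
    const uint8_t *item;   /* first byte of the item, i.e. its header */
    size_t size;           /* whole storage size of the item */
} item_view_t;

/* Bytes in a CBOR item header (initial byte + argument); 0 if not handled here. */
size_t cbor_header_len(uint8_t initial_byte) {
    uint8_t info = initial_byte & 0x1f;          /* additional information bits */
    if (info < 24) return 1;                     /* argument held in initial byte */
    if (info <= 27) return 1 + ((size_t)1 << (info - 24)); /* 1, 2, 4 or 8 bytes */
    return 0;                                    /* reserved or indefinite length */
}

/* Bound as the issue describes it: whole item size paired with the children pointer. */
size_t child_bound_buggy(const item_view_t *v) { return v->size; }

/* Corrected bound: item size minus header; 0 for empty or malformed input. */
size_t child_bound_fixed(const item_view_t *v) {
    size_t hdr = v->size ? cbor_header_len(v->item[0]) : 0;
    return (hdr == 0 || hdr > v->size) ? 0 : v->size - hdr;
}

/* Bytes past the item's end that a child decoder with this bound could read. */
size_t overshoot(const item_view_t *v, size_t bound) {
    size_t end = cbor_header_len(v->item[0]) + bound;  /* children start after header */
    return end > v->size ? end - v->size : 0;
}

/* Constructed sample: array of 3 with a 1-byte count (0x98 0x03), items 1, 2, 3. */
static const uint8_t sample[] = { 0x98, 0x03, 0x01, 0x02, 0x03 };

int main(void) {
    item_view_t v = { sample, sizeof sample };
    printf("buggy bound %zu, overshoot %zu\n", child_bound_buggy(&v), overshoot(&v, child_bound_buggy(&v)));
    printf("fixed bound %zu, overshoot %zu\n", child_bound_fixed(&v), overshoot(&v, child_bound_fixed(&v)));
    return 0;
}
```

The overshoot equals the header length, so it grows with the width of the length argument, up to 9 bytes for an 8-byte count.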