cisco · RichLogan · Mar 22, 2024 · Mar 12, 2024 · Mar 12, 2024 · Mar 20, 2024
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
@@ -16,7 +16,7 @@ set_target_properties(gse
         CXX_EXTENSIONS NO)
 target_compile_options(gse PRIVATE
      $<$<OR:$<CXX_COMPILER_ID:Clang>,$<CXX_COMPILER_ID:AppleClang>,$<CXX_COMPILER_ID:GNU>>: -Wpedantic -Wextra -Wall>
-     $<$<CXX_COMPILER_ID:MSVC>: >)
+     $<$<CXX_COMPILER_ID:MSVC>: /W4 /WX>)
 
 if(WIN32)
     target_link_libraries(gse PRIVATE ws2_32)

diff --git a/src/gs_api_internal.cpp b/src/gs_api_internal.cpp
@@ -45,6 +45,7 @@
 #include <algorithm>
 #include <cstddef>
 #include <cstring>
+#include <limits>
 #include "gs_types.h"
 #include "gs_api_internal.h"
 
@@ -1112,8 +1113,14 @@ int GSDeserializeObject(GS_Decoder_Context_Internal &context,
     if (object.u.mesh1.num_vertices > 0)
     {
         // Allocate storage, storing the pointer for later deletion
+        const GS_VarUint vertices = object.u.mesh1.num_vertices;
+        if (vertices > std::numeric_limits<std::size_t>::max() / sizeof(GS_Loc1))
+        {
+            context.error = "Too many vertices to deserialize";
+            return -1;
+        }
         std::uint8_t *p = new std::uint8_t[sizeof(GS_Loc1) *
-                                           object.u.mesh1.num_vertices];
+                                           static_cast<std::size_t>(vertices)];
         context.allocations.push_back(p);
 
         // Assign the pointer to the object
@@ -1130,8 +1137,14 @@ int GSDeserializeObject(GS_Decoder_Context_Internal &context,
     if (object.u.mesh1.num_normals > 0)
     {
         // Allocate storage, storing the pointer for later deletion
+        const GS_VarUint normals = object.u.mesh1.num_normals;
+        if (normals > std::numeric_limits<std::size_t>::max() / sizeof(GS_Norm1))
+        {
+            context.error = "Too many normals to deserialize";
+            return -1;
+        }
         std::uint8_t *p = new std::uint8_t[sizeof(GS_Norm1) *
-                                           object.u.mesh1.num_normals];
+                                           static_cast<std::size_t>(normals)];
         context.allocations.push_back(p);
 
         // Assign the pointer to the object
@@ -1148,8 +1161,14 @@ int GSDeserializeObject(GS_Decoder_Context_Internal &context,
     if (object.u.mesh1.num_textures > 0)
     {
         // Allocate storage, storing the pointer for later deletion
+        const GS_VarUint textures = object.u.mesh1.num_textures;
+        if (textures > std::numeric_limits<std::size_t>::max() / sizeof(GS_TextureUV1))
+        {
+            context.error = "Too many textures to deserialize";
+            return -1;
+        }
         std::uint8_t *p = new std::uint8_t[sizeof(GS_TextureUV1) *
-                                           object.u.mesh1.num_textures];
+                                           static_cast<std::size_t>(textures)];
         context.allocations.push_back(p);
 
         // Assign the pointer to the object
@@ -1166,8 +1185,14 @@ int GSDeserializeObject(GS_Decoder_Context_Internal &context,
     if (object.u.mesh1.num_triangles > 0)
     {
         // Allocate storage, storing the pointer for later deletion
+        const GS_VarUint triangles = object.u.mesh1.num_triangles;
+        if (triangles > std::numeric_limits<std::size_t>::max() / sizeof(GS_VarUint))
+        {
+            context.error = "Too many triangles to deserialize";
+            return -1;
+        }
         std::uint8_t *p = new std::uint8_t[sizeof(GS_VarUint) *
-                                           object.u.mesh1.num_triangles];
+                                           static_cast<std::size_t>(triangles)];
         context.allocations.push_back(p);
 
         // Assign the pointer to the object

diff --git a/src/gs_decoder.cpp b/src/gs_decoder.cpp
@@ -44,6 +44,7 @@
  */
 
 #include "gs_decoder.h"
+#include <limits>
 
 namespace gs
 {
@@ -216,14 +217,16 @@ std::size_t Decoder::Decode(DataBuffer &data_buffer, GSObject &value)
  */
 std::size_t Decoder::Decode(DataBuffer &data_buffer, Head1 &value)
 {
-    VarUint length;
+    VarUint extracted_length;
     std::size_t read_length;
     std::size_t length_field;
 
     // Read the object length
-    length_field = read_length = Deserialize(data_buffer, length);
+    length_field = read_length = Deserialize(data_buffer, extracted_length);
 
-    if (!length.value) throw DecoderException("Invalid object length");
+    if (!extracted_length.value) throw DecoderException("Invalid object length");
+    if (extracted_length.value > std::numeric_limits<std::size_t>::max()) throw DecoderException("Object too large");
+    const std::size_t length = static_cast<std::size_t>(extracted_length.value);
 
     // Read all of the required fields (evaluation order matters)
     read_length += Deserialize(data_buffer, value.id);
@@ -232,7 +235,7 @@ std::size_t Decoder::Decode(DataBuffer &data_buffer, Head1 &value)
     read_length += Deserialize(data_buffer, value.rotation);
 
     // Are optional elements present?
-    if ((read_length - length_field) < length.value)
+    if ((read_length - length_field) < length)
     {
         // Attempt to decode the HeadIPD1 object
         GSObject object;
@@ -248,17 +251,17 @@ std::size_t Decoder::Decode(DataBuffer &data_buffer, Head1 &value)
         value.ipd = std::get<HeadIPD1>(object);
 
         // Discard any octets not understood
-        if ((read_length - length_field) < length.value)
+        if ((read_length - length_field) < length)
         {
-            data_buffer.AdvanceReadLength(length.value - read_length);
+            data_buffer.AdvanceReadLength(length - read_length);
 
             // Update the read_length
-            read_length += length.value - (read_length - length_field);
+            read_length += length - (read_length - length_field);
         }
     }
 
     // Did we read more octets than we should have?
-    if ((read_length - length_field) > length.value)
+    if ((read_length - length_field) > length)
     {
         throw DecoderException("Encoded object length error");
     }
@@ -289,14 +292,16 @@ std::size_t Decoder::Decode(DataBuffer &data_buffer, Head1 &value)
  */
 std::size_t Decoder::Decode(DataBuffer &data_buffer, Hand1 &value)
 {
-    VarUint length;
+    VarUint extracted_length;
     std::size_t read_length;
     std::size_t length_field;
 
     // Read the object length
-    length_field = read_length = Deserialize(data_buffer, length);
+    length_field = read_length = Deserialize(data_buffer, extracted_length);
 
-    if (!length.value) throw DecoderException("Invalid object length");
+    if (!extracted_length.value) throw DecoderException("Invalid object length");
+    if (extracted_length.value > std::numeric_limits<std::size_t>::max()) throw DecoderException("Object too large");
+    const std::size_t length = static_cast<std::size_t>(extracted_length.value);
 
     // Read all of the required fields (evaluation order matters)
     read_length += Deserialize(data_buffer, value.id);
@@ -306,17 +311,16 @@ std::size_t Decoder::Decode(DataBuffer &data_buffer, Hand1 &value)
     read_length += Deserialize(data_buffer, value.rotation);
 
     // Discard any octets not understood
-    if ((read_length - length_field) < length.value)
+    if ((read_length - length_field) < length)
     {
-        data_buffer.AdvanceReadLength(length.value -
-                                      (read_length - length_field));
+        data_buffer.AdvanceReadLength(length - (read_length - length_field));
 
         // Update the read_length
-        read_length += length.value - (read_length - length_field);
+        read_length += length - (read_length - length_field);
     }
 
     // Did we read more octets than we should have?
-    if ((read_length - length_field) > length.value)
+    if ((read_length - length_field) > length)
     {
         throw DecoderException("Encoded object length error");
     }
@@ -347,14 +351,16 @@ std::size_t Decoder::Decode(DataBuffer &data_buffer, Hand1 &value)
  */
 std::size_t Decoder::Decode(DataBuffer &data_buffer, Hand2 &value)
 {
-    VarUint length;
+    VarUint extracted_length;
     std::size_t read_length;
     std::size_t length_field;
 
     // Read the object length
-    length_field = read_length = Deserialize(data_buffer, length);
+    length_field = read_length = Deserialize(data_buffer, extracted_length);
 
-    if (!length.value) throw DecoderException("Invalid object length");
+    if (!extracted_length.value) throw DecoderException("Invalid object length");
+    if (extracted_length.value > std::numeric_limits<std::size_t>::max()) throw DecoderException("Object too large");
+    const std::size_t length = static_cast<std::size_t>(extracted_length.value);
 
     // Read all of the required fields (evaluation order matters)
     read_length += Deserialize(data_buffer, value.id);
@@ -370,17 +376,16 @@ std::size_t Decoder::Decode(DataBuffer &data_buffer, Hand2 &value)
     read_length += Deserialize(data_buffer, value.pinky);
 
     // Discard any octets not understood
-    if ((read_length - length_field) < length.value)
+    if ((read_length - length_field) < length)
     {
-        data_buffer.AdvanceReadLength(length.value -
-                                      (read_length - length_field));
+        data_buffer.AdvanceReadLength(length - (read_length - length_field));
 
         // Update the read_length
-        read_length += length.value - (read_length - length_field);
+        read_length += length - (read_length - length_field);
     }
 
     // Did we read more octets than we should have?
-    if ((read_length - length_field) > length.value)
+    if ((read_length - length_field) > length)
     {
         throw DecoderException("Encoded object length error");
     }
@@ -411,14 +416,16 @@ std::size_t Decoder::Decode(DataBuffer &data_buffer, Hand2 &value)
  */
 std::size_t Decoder::Decode(DataBuffer &data_buffer, Mesh1 &value)
 {
-    VarUint length;
+    VarUint extracted_length;
     std::size_t read_length;
     std::size_t length_field;
 
     // Read the object length
-    length_field = read_length = Deserialize(data_buffer, length);
+    length_field = read_length = Deserialize(data_buffer, extracted_length);
 
-    if (!length.value) throw DecoderException("Invalid object length");
+    if (!extracted_length.value) throw DecoderException("Invalid object length");
+    if (extracted_length.value > std::numeric_limits<std::size_t>::max()) throw DecoderException("Object too large");
+    const std::size_t length = static_cast<std::size_t>(extracted_length.value);
 
     // Read all of the required fields (evaluation order matters)
     read_length += Deserialize(data_buffer, value.id);
@@ -428,17 +435,16 @@ std::size_t Decoder::Decode(DataBuffer &data_buffer, Mesh1 &value)
     read_length += Deserialize(data_buffer, value.triangles);
 
     // Discard any octets not understood
-    if ((read_length - length_field) < length.value)
+    if ((read_length - length_field) < length)
     {
-        data_buffer.AdvanceReadLength(length.value -
-                                      (read_length - length_field));
+        data_buffer.AdvanceReadLength(length - (read_length - length_field));
 
         // Update the read_length
-        read_length += length.value - (read_length - length_field);
+        read_length += length - (read_length - length_field);
     }
 
     // Did we read more octets than we should have?
-    if ((read_length - length_field) > length.value)
+    if ((read_length - length_field) > length)
     {
         throw DecoderException("Encoded object length error");
     }
@@ -469,30 +475,31 @@ std::size_t Decoder::Decode(DataBuffer &data_buffer, Mesh1 &value)
  */
 std::size_t Decoder::Decode(DataBuffer &data_buffer, HeadIPD1 &value)
 {
-    VarUint length;
+    VarUint extracted_length;
     std::size_t read_length;
     std::size_t length_field;
 
     // Read the object length
-    length_field = read_length = Deserialize(data_buffer, length);
+    length_field = read_length = Deserialize(data_buffer, extracted_length);
 
-    if (!length.value) throw DecoderException("Invalid object length");
+    if (!extracted_length.value) throw DecoderException("Invalid object length");
+    if (extracted_length.value > std::numeric_limits<std::size_t>::max()) throw DecoderException("Object too large");
+    const std::size_t length = static_cast<std::size_t>(extracted_length.value);
 
     // Read all of the required fields (evaluation order matters)
     read_length += Deserialize(data_buffer, value.ipd);
 
     // Discard any octets not understood
-    if ((read_length - length_field) < length.value)
+    if ((read_length - length_field) < length)
     {
-        data_buffer.AdvanceReadLength(length.value -
-                                      (read_length - length_field));
+        data_buffer.AdvanceReadLength(length - (read_length - length_field));
 
         // Update the read_length
-        read_length += length.value - (read_length - length_field);
+        read_length += length - (read_length - length_field);
     }
 
     // Did we read more octets than we should have?
-    if ((read_length - length_field) > length.value)
+    if ((read_length - length_field) > length)
     {
         throw DecoderException("Encoded object length error");
     }
@@ -549,14 +556,16 @@ std::size_t Decoder::Decode(DataBuffer &data_buffer, UnknownObject &value)
  */
 std::size_t Decoder::Decode(DataBuffer &data_buffer, Object1 &value)
 {
-    VarUint length;
+    VarUint extracted_length;
     std::size_t read_length;
     std::size_t length_field;
 
     // Read the object length
-    length_field = read_length = Deserialize(data_buffer, length);
+    length_field = read_length = Deserialize(data_buffer, extracted_length);
 
-    if (!length.value) throw DecoderException("Invalid object length");
+    if (!extracted_length.value) throw DecoderException("Invalid object length");
+    if (extracted_length.value > std::numeric_limits<std::size_t>::max()) throw DecoderException("Object too large");
+    const std::size_t length = static_cast<std::size_t>(extracted_length.value);
 
     // Read all of the required fields (evaluation order matters)
     read_length += Deserialize(data_buffer, value.id);
@@ -567,7 +576,7 @@ std::size_t Decoder::Decode(DataBuffer &data_buffer, Object1 &value)
     read_length += Deserialize(data_buffer, value.active);
 
     // Are optional elements present?
-    if ((read_length - length_field) < length.value)
+    if ((read_length - length_field) < length)
     {
         // Attempt to decode the Parent object
         ObjectID parent;
@@ -577,17 +586,17 @@ std::size_t Decoder::Decode(DataBuffer &data_buffer, Object1 &value)
         value.parent = parent;
 
         // Discard any octets not understood
-        if ((read_length - length_field) < length.value)
+        if ((read_length - length_field) < length)
         {
-            data_buffer.AdvanceReadLength(length.value - read_length);
+            data_buffer.AdvanceReadLength(length - read_length);
 
             // Update the read_length
-            read_length += length.value - (read_length - length_field);
+            read_length += length - (read_length - length_field);
         }
     }
 
     // Did we read more octets than we should have?
-    if ((read_length - length_field) > length.value)
+    if ((read_length - length_field) > length)
     {
         throw DecoderException("Encoded object length error");
     }