From 34e465a67e41b82b276050dde0b4b321c2cf1b18 Mon Sep 17 00:00:00 2001 From: Tim Ledbetter Date: Tue, 30 Jul 2024 15:04:32 +0100 Subject: [PATCH] LibWeb: Account for header size when reading MessagePort message payload Previously, the fact that this wasn't accounted for could lead to a crash when large messages were received. --- Userland/Libraries/LibWeb/HTML/MessagePort.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Userland/Libraries/LibWeb/HTML/MessagePort.cpp b/Userland/Libraries/LibWeb/HTML/MessagePort.cpp index f3412cb9e0f..e2ff9f0f99e 100644 --- a/Userland/Libraries/LibWeb/HTML/MessagePort.cpp +++ b/Userland/Libraries/LibWeb/HTML/MessagePort.cpp @@ -279,7 +279,7 @@ ErrorOr MessagePort::parse_message() [[fallthrough]]; } case SocketState::Data: { - if (num_bytes_ready < m_socket_incoming_message_size) + if (num_bytes_ready < HEADER_SIZE + m_socket_incoming_message_size) return ParseDecision::NotEnoughData; auto payload = m_buffered_data.span().slice(HEADER_SIZE, m_socket_incoming_message_size);