From 6ebd967345b814af4dc30ad16958f2ecd72ed279 Mon Sep 17 00:00:00 2001
From: Ruby Martin
Date: Wed, 11 Mar 2026 16:13:33 -0600
Subject: [PATCH] bounds check on ext_dump
---
 tests/quic.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/tests/quic.c b/tests/quic.c
index be1bab5780..29099a136c 100644
--- a/tests/quic.c
+++ b/tests/quic.c
@@ -731,9 +731,13 @@ static void ext_dump(const byte *data, size_t data_len, int indent)
 word16 len16, etype, i;
 printf("%*sextensions:\n", indent, " ");
- while (idx < data_len) {
+ while (idx + 4 <= data_len) {
 ato16(&data[idx], &etype); /* extension type */
 ato16(&data[idx+2], &len16); /* extension length */
+ if (idx + 4 + len16 > data_len) {
+ printf(" unexpected extension length\n");
+ break;
+ }
 printf(" extension: %04x [", etype);
 for (i = 0; i < len16; ++i) {
 printf("%s0x%02x", (i? ", ": ""), data[idx+4+i]);
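Review bot: With the loop condition now `idx + 4 <= data_len`, a buffer that ends in one to three stray bytes (a truncated extension header) leaves the loop without any output, whereas an oversized `len16` does get the "unexpected extension length" message. A check after the loop, outside this hunk, such as `if (idx < data_len) printf("    trailing bytes not parsed\n");` would make both malformed cases visible in the dump. The two new comparisons could also be written in subtraction form, `while (data_len - idx >= 4)` and `if (len16 > data_len - idx - 4)`, which cannot wrap as long as `idx` never exceeds `data_len`. The declaration of `idx` and the increment at the end of the loop are outside the hunk, so that invariant should be confirmed there; ext_dump's body starts before and continues past the hunk.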