diff --git a/CHANGELOG.md b/CHANGELOG.md index d99566e7d..63936c0f3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,6 +23,7 @@ All notable changes to this project will be documented in this file. - LVGL Added OpenHASP icons to font `montserrat-28` - Matter fail to report Shutter status if no shutter is configured in Tasmota - Matter fix Waterleak broken after Berry solidification optimisation #21885 +- Berry avoid `readbytes()` from crashing when file is too large ### Removed - Berry remove reuse of methods for interface-like code reuse #21500 diff --git a/lib/libesp32/berry/src/be_filelib.c b/lib/libesp32/berry/src/be_filelib.c index cfb882b11..dcf661fde 100644 --- a/lib/libesp32/berry/src/be_filelib.c +++ b/lib/libesp32/berry/src/be_filelib.c @@ -10,6 +10,7 @@ #include "be_sys.h" #include "be_gc.h" #include "be_bytecode.h" +#include "be_vm.h" #include #define READLINE_STEP 100 @@ -71,12 +72,23 @@ static int i_readbytes(bvm *vm) void *fh = be_tocomptr(vm, -1); size_t size = readsize(vm, argc, fh); if (size) { + if (size > vm->bytesmaxsize) { + be_raise(vm, "memory_error", "size exceeds maximum allowed for bytes"); + } /* avoid double allocation, using directly the internal buffer of bytes() */ be_getbuiltin(vm, "bytes"); be_pushint(vm, size); be_call(vm, 1); /* call bytes() constructor with pre-sized buffer */ be_pop(vm, 1); /* bytes() instance is at top */ + /* read back the actual buffer size */ + be_getmember(vm, -1, ".size"); + int32_t bytes_size = be_toint(vm, -1); + be_pop(vm, 1); + if (bytes_size < (int32_t)size) { + be_raise(vm, "memory_error", "could not allocated buffer"); + } + be_getmember(vm, -1, "resize"); be_pushvalue(vm, -2); be_pushint(vm, size);