File tree Expand file tree Collapse file tree 2 files changed +10
-4
lines changed
Expand file tree Collapse file tree 2 files changed +10
-4
lines changed Original file line number Diff line number Diff line change 11# Change Log #
22
3+ ## 0.26.0
4+
5+ * Fixed an internal bounds checking error when resolving data pointers.
6+ The previous logic could cause a panic on a corrupt database.
7+
8+
39## 0.25.0 - 2025-02-16
410
511* Serde will now skip serialization of the GeoIP2 struct fields
Original file line number Diff line number Diff line change @@ -492,10 +492,10 @@ impl<'de, S: AsRef<[u8]>> Reader<S> {
492492 fn resolve_data_pointer ( & self , pointer : usize ) -> Result < usize , MaxMindDBError > {
493493 let resolved = pointer - ( self . metadata . node_count as usize ) - 16 ;
494494
495- if resolved > self . buf . as_ref ( ) . len ( ) {
496- return Err ( MaxMindDBError :: InvalidDatabaseError (
497- "the MaxMind DB file's search tree \
498- is corrupt "
495+ // Check bounds using pointer_base which marks the start of the data section
496+ if resolved >= ( self . buf . as_ref ( ) . len ( ) - self . pointer_base ) {
497+ return Err ( MaxMindDBError :: InvalidDatabaseError (
498+ "the MaxMind DB file's data pointer resolves to an invalid location "
499499 . to_owned ( ) ,
500500 ) ) ;
501501 }
You can’t perform that action at this time.
0 commit comments