py/stream: Check for stream read function returning too many bytes.

This only happens if the underlying stream implementation is malformed, but results in unsigned integer overflow and out of bounds read otherwise. Second fix for #13046 - allows for possibility an invalid result comes back from a different stream implementation. This work was funded through GitHub Sponsors. Signed-off-by: Angus Gratton <angus@redyak.com.au>
2024-01-31 18:01:30 +11:00 · 2024-01-31 18:01:30 +11:00 · d278b460f3
commit d278b460f3
--- a/py/stream.c
+++ b/py/stream.c
@ -64,6 +64,11 @@ mp_uint_t mp_stream_rw(mp_obj_t stream, void *buf_, mp_uint_t size, int *errcode
        if (out_sz == 0) {
            return done;
        }
+        if (out_sz != MP_STREAM_ERROR && out_sz > size) {
+            // This can only happen if the filesystem implementation returned invalid out_sz
+            *errcode = MP_EINVAL;
+            out_sz = MP_STREAM_ERROR;
+        }
        if (out_sz == MP_STREAM_ERROR) {
            // If we read something before getting EAGAIN, don't leak it
            if (mp_is_nonblocking_error(*errcode) && done != 0) {