chore: update string validation

PMK744 · PMK744 · commit 5e420fcd42c3 · 2025-07-12T11:33:07.000-05:00
diff --git a/src/types/strings/string16.rs b/src/types/strings/string16.rs
@@ -23,17 +23,27 @@ impl String16 {
    * Reads an unsigned 16-bit ( 2 bytes ) utf-8 string from the stream. ( 0 to 65535 )
   */
   pub fn read(stream: &mut BinaryStream, endian: Option<Endianness>) -> Result<String> {
+    // Read the length of the string.
     let length = match Uint16::read(stream, endian) {
-      Ok(value) => value as u32,
+      Ok(value) => value,
       Err(err) => return Err(err)
     };
 
-    let buffer = match stream.read(length) {
-      Ok(bytes) => bytes,
-      Err(err) => return Err(err)
-    };
+    // Length validation
+    let start = stream.offset as usize;
+    let end = start + length as usize;
+    if end > stream.binary.len() {
+      return Err(
+        napi::Error::new(
+          napi::Status::GenericFailure,
+          "String length exceeds available bytes in the stream.".to_string()
+        )
+      );
+    }
 
-    let value = String::from_utf8_lossy(&buffer).to_string();
+    // Read the string from the binary stream.
+    let value = String::from_utf8_lossy(&stream.binary[start..end]).to_string();
+    stream.offset += length as u32;
 
     Ok(value)
   }
diff --git a/src/types/strings/string32.rs b/src/types/strings/string32.rs
@@ -23,17 +23,27 @@ impl String32 {
    * Reads a signed 32-bit ( 4 bytes ) utf-8 string from the stream. ( 0 to 4294967295 )
   */
   pub fn read(stream: &mut BinaryStream, endian: Option<Endianness>) -> Result<String> {
+    // Read the length of the string.
     let length = match Uint32::read(stream, endian) {
-      Ok(value) => value,
+      Ok(value) => value as usize,
       Err(err) => return Err(err)
     };
 
-    let buffer = match stream.read(length) {
-      Ok(bytes) => bytes,
-      Err(err) => return Err(err)
-    };
+    // Length validation
+    let start = stream.offset as usize;
+    let end = start + length as usize;
+    if end > stream.binary.len() {
+      return Err(
+        napi::Error::new(
+          napi::Status::GenericFailure,
+          "String length exceeds available bytes in the stream.".to_string()
+        )
+      );
+    }
 
-    let value = String::from_utf8_lossy(&buffer).to_string();
+    // Read the string from the binary stream.
+    let value = String::from_utf8_lossy(&stream.binary[start..end]).to_string();
+    stream.offset += length as u32;
 
     Ok(value)
   }
@@ -55,4 +65,4 @@ impl FromNapiValue for String32 {
   unsafe fn from_napi_value(_: napi::sys::napi_env, _: napi::sys::napi_value) -> Result<Self> {
     Ok(String32 {})
   }
-}
+}
diff --git a/src/types/strings/varstring.rs b/src/types/strings/varstring.rs
@@ -22,17 +22,27 @@ impl VarString {
    * Reads a signed 32-bit ( 4 bytes ) utf-8 string from the stream. ( 0 to 4294967295 )
   */
   pub fn read(stream: &mut BinaryStream) -> Result<String> {
+    // Read the length of the string.
     let length = match VarInt::read(stream) {
-      Ok(value) => value,
+      Ok(value) => value as usize,
       Err(err) => return Err(err)
     };
 
-    let buffer = match stream.read(length) {
-      Ok(bytes) => bytes,
-      Err(err) => return Err(err)
-    };
+    // Length validation
+    let start = stream.offset as usize;
+    let end = start + length as usize;
+    if end > stream.binary.len() {
+      return Err(
+        napi::Error::new(
+          napi::Status::GenericFailure,
+          "String length exceeds available bytes in the stream.".to_string()
+        )
+      );
+    }
 
-    let value = String::from_utf8_lossy(&buffer).to_string();
+    // Read the string from the binary stream.
+    let value = String::from_utf8_lossy(&stream.binary[start..end]).to_string();
+    stream.offset += length as u32;
     
     Ok(value)
   }
@@ -55,4 +65,4 @@ impl FromNapiValue for VarString {
   unsafe fn from_napi_value(_: napi::sys::napi_env, _: napi::sys::napi_value) -> Result<Self> {
     Ok(VarString {})
   }
-}
+}
