diff --git a/include/flatbuffers/buffer.h b/include/flatbuffers/buffer.h index 154d187ab7..cd6359c5c3 100644 --- a/include/flatbuffers/buffer.h +++ b/include/flatbuffers/buffer.h @@ -130,7 +130,8 @@ struct IndirectHelper> { static return_type Read(const uint8_t* const p, const offset_type i) { // Offsets are relative to themselves, so first update the pointer to // point to the offset location. - const uint8_t* const offset_location = p + i * element_stride; + const uint8_t* const offset_location = + p + static_cast(i) * element_stride; // Then read the scalar value of the offset (which may be 32 or 64-bits) and // then determine the relative location from the offset location. @@ -140,7 +141,8 @@ struct IndirectHelper> { static mutable_return_type Read(uint8_t* const p, const offset_type i) { // Offsets are relative to themselves, so first update the pointer to // point to the offset location. - uint8_t* const offset_location = p + i * element_stride; + uint8_t* const offset_location = + p + static_cast(i) * element_stride; // Then read the scalar value of the offset (which may be 32 or 64-bits) and // then determine the relative location from the offset location. diff --git a/src/reflection.cpp b/src/reflection.cpp index 268d7d8515..a24772d717 100644 --- a/src/reflection.cpp +++ b/src/reflection.cpp @@ -16,6 +16,8 @@ #include "flatbuffers/reflection.h" +#include + #include "flatbuffers/util.h" // Helper functionality for reflection. @@ -384,7 +386,9 @@ void ForAllFields(const reflection::Object* object, bool reverse, // Create the mapping of field ID to the index into the vector. for (uint32_t i = 0; i < object->fields()->size(); ++i) { auto field = object->fields()->Get(i); - field_to_id_map[field->id()] = i; + if (field->id() < field_to_id_map.size()) { + field_to_id_map[field->id()] = i; + } } for (size_t i = 0; i < field_to_id_map.size(); ++i) { 
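Review bot: The widening cast added to `offset_location` in both `Read` overloads has no comment saying why the index is converted before the multiply, so a later cleanup could remove it as redundant. Presumably the intent is to stop `i * element_stride` from being evaluated in the narrower `offset_type`; a line such as `// Widen i first so the byte offset is not computed in offset_type and cannot wrap.` above each assignment would record that. The cast's target type is not visible in this rendering, and both function bodies continue outside the hunks. The same point applies to the second hunk of this file.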
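Review bot: Skipping an out-of-range `field->id()` in the first loop of `ForAllFields` leaves that `field_to_id_map` slot at its initial value, and the loop that follows still appears to walk every slot. If the map is zero-filled (its construction is outside the hunk), a malformed schema with out-of-range or duplicate ids would have field 0 visited more than once and the skipped field never visited, with no signal to the caller. Consider filling the map with a sentinel and skipping unset slots in the second loop. At minimum, add `// Malformed schema: id is outside [0, fields()->size()); entry is ignored.` beside the new check.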
@@ -598,7 +602,9 @@ void SetString(const reflection::Schema& schema, const std::string& val, auto start = str_start + static_cast(sizeof(uoffset_t)); if (delta) { // Clear the old string, since we don't want parts of it remaining. - memset(flatbuf->data() + start, 0, str->size()); + if (start + str->size() <= flatbuf->size()) { + memset(flatbuf->data() + start, 0, str->size()); + } // Different size, we must expand (or contract). ResizeContext ctx(schema, start, delta, flatbuf, root_table); // Set the new length. @@ -613,8 +619,10 @@ uint8_t* ResizeAnyVector(const reflection::Schema& schema, uoffset_t newsize, const VectorOfAny* vec, uoffset_t num_elems, uoffset_t elem_size, std::vector* flatbuf, const reflection::Object* root_table) { - auto delta_elem = static_cast(newsize) - static_cast(num_elems); - auto delta_bytes = delta_elem * static_cast(elem_size); + auto delta_elem = + static_cast(newsize) - static_cast(num_elems); + auto delta_bytes = delta_elem * static_cast(elem_size); + if (delta_bytes < INT_MIN || delta_bytes > INT_MAX) { return nullptr; } auto vec_start = reinterpret_cast(vec) - flatbuf->data(); auto start = static_cast(vec_start) + static_cast(sizeof(uoffset_t)) + @@ -623,10 +631,11 @@ uint8_t* ResizeAnyVector(const reflection::Schema& schema, uoffset_t newsize, if (delta_elem < 0) { // Clear elements we're throwing away, since some might remain in the // buffer. - auto size_clear = -delta_elem * elem_size; + auto size_clear = static_cast(-delta_elem) * elem_size; memset(flatbuf->data() + start - size_clear, 0, size_clear); } - ResizeContext ctx(schema, start, delta_bytes, flatbuf, root_table); + ResizeContext ctx(schema, start, static_cast(delta_bytes), flatbuf, + root_table); WriteScalar(flatbuf->data() + vec_start, newsize); // Length field. // Set new elements to 0.. this can be overwritten by the caller. if (delta_elem > 0) {
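Review bot: The new bounds check in `SetString` only skips the `memset`; when it fails, execution still reaches `ResizeContext ctx(schema, start, delta, flatbuf, root_table)` with the same `start` that was just found to lie outside `flatbuf`. Returning early would be safer than resizing a buffer already known to be inconsistent. The sum `start + str->size()` can also wrap if both operands are 32-bit (their types are not visible in this hunk), so a subtraction form is more robust: `if (start > flatbuf->size() || str->size() > flatbuf->size() - start) return;`. The function body starts and ends outside the hunk.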
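Review bot: The `INT_MIN`/`INT_MAX` range check gives `ResizeAnyVector` a `nullptr` return, and nothing in this diff shows its callers being updated to test for it. A caller that writes through the returned pointer would turn the rejected resize into a null dereference. The contract should be stated on the function, for example `// Returns nullptr if the byte delta does not fit in an int; callers must check.`, and the call sites, which are outside this page, audited against it.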
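Review bot: The shrink path's `memset(flatbuf->data() + start - size_clear, 0, size_clear)` is still unguarded, while the equivalent `memset` in `SetString` gains a bounds check in this same commit. If `vec`, `num_elems` or `elem_size` are derived from an untrusted buffer, `start` may lie past `flatbuf->size()` or `size_clear` may exceed `start`, and the clear would write outside the vector's storage. A guard such as `if (start > flatbuf->size() || size_clear > start) { return nullptr; }` before the `memset` would close that gap. It would need adjusting to the operands' actual types, which are not visible here. The function continues outside the hunk.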