From cc1c3a79631b00ca2659acedd32631bc1ca7aa81 Mon Sep 17 00:00:00 2001
From: Petteri Aimonen
Date: Mon, 8 Sep 2014 17:33:05 +0300
Subject: [PATCH] Add just-to-be-sure check to allocate_field().

This check will help to detect bugs earlier, and is quite lightweight compared to malloc() anyway.
---
 pb_decode.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/pb_decode.c b/pb_decode.c
index e90fd1b..9352945 100644
--- a/pb_decode.c
+++ b/pb_decode.c
@@ -482,18 +482,23 @@ static bool checkreturn allocate_field(pb_istream_t *stream, void *pData, size_t
 {
 void *ptr = *(void**)pData;
+ if (data_size == 0 || array_size == 0)
+ PB_RETURN_ERROR(stream, "invalid size");
+
 /* Check for multiplication overflows.
 * This code avoids the costly division if the sizes are small enough.
 * Multiplication is safe as long as only half of bits are set
 * in either multiplicand.
 */
- const size_t check_limit = (size_t)1 << (sizeof(size_t) * 4);
- if (data_size >= check_limit || array_size >= check_limit)
 {
- const size_t size_max = (size_t)-1;
- if (size_max / array_size < data_size)
+ const size_t check_limit = (size_t)1 << (sizeof(size_t) * 4);
+ if (data_size >= check_limit || array_size >= check_limit)
 {
- PB_RETURN_ERROR(stream, "size too large");
+ const size_t size_max = (size_t)-1;
+ if (size_max / array_size < data_size)
+ {
+ PB_RETURN_ERROR(stream, "size too large");
+ }
 }
 }
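Review bot: The added `if (data_size == 0 || array_size == 0)` guard is left unbraced while every other conditional in this hunk braces its body, and because `PB_RETURN_ERROR` is a macro the single-statement form is only safe as long as that macro expands to exactly one statement; bracing it as `{ PB_RETURN_ERROR(stream, "invalid size"); }` keeps the hunk consistent and removes the dependency on the macro's shape. The guard also does more than the commit message's "just-to-be-sure" wording suggests: with `array_size == 0` and `data_size >= check_limit`, the old code reached `size_max / array_size` and divided by zero, so a comment such as `/* Zero sizes are never valid here; this also keeps the division below from ever seeing array_size == 0. */` would record why the check has to stay ahead of the overflow test. The body of allocate_field continues past the end of the hunk, so the allocation that consumes the validated sizes is not visible here.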