Cherry pick PR #4091: Specify string size to prevent heap-buffer-over…

…flow. (#4094) Refer to the original PR: #4091 b/363029201 Co-authored-by: aee <[email protected]>
youtube · Sep 6, 2024 · 727a2b7 · 727a2b7
1 parent 4d181b3
commit 727a2b7
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/starboard/loader_app/slot_management.cc b/starboard/loader_app/slot_management.cc
@@ -140,7 +140,8 @@ bool ReadEvergreenVersion(std::vector<char>* manifest_file_path,
 
   Json::Reader reader;
   Json::Value obj;
-  if (!reader.parse(std::string(file_data.data()), obj) || !obj[kVersionKey]) {
+  if (!reader.parse(std::string(file_data.data(), file_size), obj) ||
+      !obj[kVersionKey]) {
     SB_LOG(WARNING) << "Failed to parse version from the manifest file at the "
                        "installation path.";
     return false;