Add size check to fix out of bounds read risk (#7304)

commit: 74a25536be1d3242f52d98007a6a03934b675cbd [log] [tgz]
author: Björn Harrtell <bjornharrtell@users.noreply.github.com> Sat May 14 00:15:00 2022 +0200
committer: GitHub <noreply@github.com> Fri May 13 15:15:00 2022 -0700
tree: 5d6b583f3088900d7c8d961c8eb94cea4d767ad7
parent: 12917af8a2240174b87b63cd5c60174d18db2e24 [diff]
diff --git a/include/flatbuffers/verifier.h b/include/flatbuffers/verifier.h
index c8a88ee..d100bf4 100644
--- a/include/flatbuffers/verifier.h
+++ b/include/flatbuffers/verifier.h

@@ -164,10 +164,11 @@
     // gives the result we want.
     auto vtableo = tableo - static_cast<size_t>(ReadScalar<soffset_t>(table));
     // Check the vtable size field, then check vtable fits in its entirety.
-    return VerifyComplexity() && Verify<voffset_t>(vtableo) &&
+    if (!( VerifyComplexity() && Verify<voffset_t>(vtableo) &&
            VerifyAlignment(ReadScalar<voffset_t>(buf_ + vtableo),
-                           sizeof(voffset_t)) &&
-           Verify(vtableo, ReadScalar<voffset_t>(buf_ + vtableo));
+                           sizeof(voffset_t)))) return false;
+    auto vsize = ReadScalar<voffset_t>(buf_ + vtableo);
+    return Check((vsize & 1) == 0) && Verify(vtableo, vsize);
   }
 
   template<typename T>
commit	74a25536be1d3242f52d98007a6a03934b675cbd	[log] [tgz]
author	Björn Harrtell <bjornharrtell@users.noreply.github.com>	Sat May 14 00:15:00 2022 +0200
committer	GitHub <noreply@github.com>	Fri May 13 15:15:00 2022 -0700
tree	5d6b583f3088900d7c8d961c8eb94cea4d767ad7
parent	12917af8a2240174b87b63cd5c60174d18db2e24 [diff]