From 7aa75f7066c916eb8d92f340612328d5ad4ef69b Mon Sep 17 00:00:00 2001
From: Evan Hahn
Date: Sun, 16 Apr 2023 21:31:01 +0000
Subject: [PATCH] Check length before allocating and iterating

If a chunk advertises a long length but that length couldn't possibly fit, we can bail early. This lets us throw an error with a more descriptive message and avoid needless operations.
---
 index.js | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/index.js b/index.js
index 28d6674..b55f106 100644
--- a/index.js
+++ b/index.js
@@ -30,9 +30,15 @@ function extractChunks (data) {
 uint8[2] = data[idx++]
 uint8[1] = data[idx++]
 uint8[0] = data[idx++]
+ var length = uint32[0] + 4
+
+ // The length can't be too long.
+ var maxLength = data.length - idx + 8
+ if (length > maxLength) {
+ throw new Error('Length is too large')
+ }
 // Chunk includes name/type for CRC check (see below).
- var length = uint32[0] + 4
 var chunk = new Uint8Array(length)
 chunk[0] = data[idx++]
 chunk[1] = data[idx++]
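Review bot: The bound `data.length - idx + 8` still accepts an advertised length that runs up to 8 bytes past the end of `data`, because at this point `idx` already sits after the four length bytes and the `length` bytes (type plus data) are read from `idx` onward. Unless that slack is deliberate, the tight form is `var maxLength = data.length - idx`, and if `+ 8` is intended, the comment above it should say what those 8 bytes stand for. Out-of-range index reads yield `undefined`, which the `Uint8Array` stores as 0, so the effect is a zero-padded chunk that presumably fails later on rather than the early, descriptive error this commit aims for. The error text would also be more useful with the values in it, e.g. `throw new Error('Chunk length ' + length + ' exceeds remaining ' + maxLength + ' bytes')`. The loop body of `extractChunks` continues outside the hunk, so any trailing per-chunk bytes read there are not accounted for in this note.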