Increase limit of serialized long strings

515e7028 · kwolekr · 5006ce82 · 515e7028 · 515e7028
Commit 515e7028 authored 9 years ago by kwolekr
--- a/src/util/serialize.cpp
+++ b/src/util/serialize.cpp
@@ -126,6 +126,10 @@ std::wstring deSerializeWideString(std::istream &is)
 std::string serializeLongString(const std::string &plain)
 {
 	char buf[4];
+
+	if (plain.size() > LONG_STRING_MAX)
+		throw SerializationError("String too long for serializeLongString");
+
 	writeU32((u8*)&buf[0], plain.size());
 	std::string s;
 	s.append(buf, 4);
@@ -147,8 +151,10 @@ std::string deSerializeLongString(std::istream &is)
 		return s;

 	// We don't really want a remote attacker to force us to allocate 4GB...
-	if (s_size > LONG_STRING_MAX)
-		throw SerializationError("deSerializeLongString: string too long");
+	if (s_size > LONG_STRING_MAX) {
+		throw SerializationError("deSerializeLongString: "
+			"string too long: " + itos(s_size) + " bytes");
+	}

 	Buffer<char> buf2(s_size);
 	is.read(&buf2[0], s_size);

--- a/src/util/serialize.h
+++ b/src/util/serialize.h
@@ -426,8 +426,8 @@ inline video::SColor readARGB8(std::istream &is)
 	More serialization stuff
 */

-// 8 MB is a conservative limit.  Increase later if problematic.
-#define LONG_STRING_MAX (8 * 1024 * 1024)
+// 64 MB ought to be enough for anybody - Billy G.
+#define LONG_STRING_MAX (64 * 1024 * 1024)

 // Creates a string with the length as the first two bytes
 std::string serializeString(const std::string &plain);