Fix large heap allocation during load broken files.

Vol-Alex · Vol-Alex · commit 971dc96e7f00 · 2021-09-28T17:51:58.000+02:00
diff --git a/kaitai/kaitaistream.cpp b/kaitai/kaitaistream.cpp
@@ -379,19 +379,23 @@ uint64_t kaitai::kstream::get_mask_ones(int n) {
 // ========================================================================
 
 std::string kaitai::kstream::read_bytes(std::streamsize len) {
-    std::vector<char> result(len);
-
     // NOTE: streamsize type is signed, negative values are only *supposed* to not be used.
     // http://en.cppreference.com/w/cpp/io/streamsize
     if (len < 0) {
         throw std::runtime_error("read_bytes: requested a negative amount");
     }
-
-    if (len > 0) {
-        m_io->read(&result[0], len);
+    else if (len == 0) {
+        return std::string();
+    }
+    else if (len > size())
+    {
+        throw std::runtime_error("read_bytes: requested length greater than stream size");
     }
 
-    return std::string(result.begin(), result.end());
+    std::string result(len, 0);
+    m_io->read(&result[0], len);
+
+    return result;
 }
 
 std::string kaitai::kstream::read_bytes_full() {
