From 8a799967d1cb8e020ef5e9e1e79c016c0f11fc8f Mon Sep 17 00:00:00 2001
From: sabrina-shanman
Date: Wed, 1 May 2019 17:01:41 -0700
Subject: [PATCH] Do sanity checks on data length in readBinaryArray in FBXSerializer_Node.cpp
---
 libraries/fbx/src/FBXSerializer_Node.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/libraries/fbx/src/FBXSerializer_Node.cpp b/libraries/fbx/src/FBXSerializer_Node.cpp
index f9ef84c6f2..717bc113dd 100644
--- a/libraries/fbx/src/FBXSerializer_Node.cpp
+++ b/libraries/fbx/src/FBXSerializer_Node.cpp
@@ -41,8 +41,14 @@ QVariant readBinaryArray(QDataStream& in, int& position) {
 quint32 compressedLength;
 in >> arrayLength;
+ if (arrayLength > std::numeric_limits::max() / sizeof(T)) { // Upcoming byte containers are limited to max signed int
+ throw QString("FBX file most likely corrupt: binary data exceeds data limits");
+ }
 in >> encoding;
 in >> compressedLength;
+ if (compressedLength > std::numeric_limits::max() / sizeof(T)) { // Upcoming byte containers are limited to max signed int
+ throw QString("FBX file most likely corrupt: compressed binary data exceeds data limits");
+ }
 position += sizeof(quint32) * 3;
 QVector values;
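Review bot: The two new guards only bound the file-declared `arrayLength` and `compressedLength` against the signed-int container limit (the bound reads `std::numeric_limits::max()` here, presumably `<int>` lost in rendering), not against how much input is actually left, so a small corrupt or hostile file can still declare counts close to that limit and drive whatever allocation and read loop follows into gigabyte-scale work on a few bytes of input. After `in >> compressedLength;` I would also reject sizes the stream cannot back, e.g. `if (in.device() && !in.device()->isSequential() && qint64(compressedLength) > in.device()->bytesAvailable()) { throw QString("FBX file most likely corrupt: compressed binary data exceeds remaining input"); }`, and the same for `arrayLength * sizeof(T)` on the uncompressed path once the encoding flag is known. The `compressedLength` guard also divides a byte count by `sizeof(T)`, which is stricter than the container limit the comment cites and will reject otherwise valid large compressed blobs for 8-byte element types; if that is not intended, `std::numeric_limits<int>::max()` alone is the matching bound. readBinaryArray's body continues past both ends of the hunk, so the lengths' consumers are not visible here.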