Avoid reading uninitialized memory when validating MiniTable.
PiperOrigin-RevId: 506163723
diff --git a/upb/message/test.cc b/upb/message/test.cc
index cd372a0..f0e392d 100644
--- a/upb/message/test.cc
+++ b/upb/message/test.cc
@@ -655,4 +655,8 @@
// 0);
// }
//
+// TEST(FuzzTest, MapFieldVerify) {
+// DecodeEncodeArbitrarySchemaAndPayload({{"% ^!"}, {}, "", {}}, "", 0, 0);
+// }
+//
// end:google_only
diff --git a/upb/mini_table/decode.c b/upb/mini_table/decode.c
index 3c72c5b..4c4c5be 100644
--- a/upb/mini_table/decode.c
+++ b/upb/mini_table/decode.c
@@ -675,7 +675,7 @@
name, expected_num, (int)f->number);
}
- if (upb_IsRepeatedOrMap(f) || f->presence < 0) {
+ if (upb_IsRepeatedOrMap(f)) {
upb_MtDecoder_ErrorFormat(
d, "map %s cannot be repeated or map, or be in oneof", name);
}
@@ -705,6 +705,13 @@
UPB_UNREACHABLE();
}
+ upb_LayoutItem* end = UPB_PTRADD(d->vec.data, d->vec.size);
+ for (upb_LayoutItem* item = d->vec.data; item < end; item++) {
+ if (item->type == kUpb_LayoutItemType_OneofCase) {
+ upb_MtDecoder_ErrorFormat(d, "Map entry cannot have oneof");
+ }
+ }
+
upb_MtDecoder_ValidateEntryField(d, &d->table->fields[0], 1);
upb_MtDecoder_ValidateEntryField(d, &d->table->fields[1], 2);
