From d1bfb0515ebf45be3b726dbca6818853ae479c2c Mon Sep 17 00:00:00 2001
From: Angelo D <43831545+AngeloD2022@users.noreply.github.com>
Date: Sun, 1 Sep 2024 00:03:23 -0400
Subject: [PATCH] Add length checks for signature validation.

---
 src/jsxer/reader.cpp | 10 ++++++++++
 src/jsxer/reader.h   |  1 +
 2 files changed, 11 insertions(+)

diff --git a/src/jsxer/reader.cpp b/src/jsxer/reader.cpp
index b28f98a..cee927e 100644
--- a/src/jsxer/reader.cpp
+++ b/src/jsxer/reader.cpp
@@ -97,6 +97,16 @@ bool Reader::decrement_node_depth() {
 }
 
 bool Reader::verifySignature() {
+    if (_data.empty()) {
+        _error = ParseError::NoData;
+        return false;
+    }
+
+    if (_data.size() < JSXBIN_SIGNATURE_LEN) {
+        _error = ParseError::InvalidVersion;
+        return false;
+    }
+
     if ( utils::bytes_eq((uint8_t*) _data.data(), (uint8_t*) JSXBIN_SIGNATURE_V10, JSXBIN_SIGNATURE_LEN) ) {
         _version = JsxbinVersion::v10;
     } else if ( utils::bytes_eq((uint8_t*) _data.data(), (uint8_t*) JSXBIN_SIGNATURE_V20, JSXBIN_SIGNATURE_LEN) ) {
diff --git a/src/jsxer/reader.h b/src/jsxer/reader.h
index 8cfcb7d..3853899 100644
--- a/src/jsxer/reader.h
+++ b/src/jsxer/reader.h
@@ -27,6 +27,7 @@ enum class ParseError : int {
     InvalidVersion,
     ReachedEnd,
     DecodeError,
+    NoData,
 };
 
 enum class VariantType : int {