From 51f0e1a52fb885e6f146f7b3b70ed487fd1c8f5a Mon Sep 17 00:00:00 2001
From: Richard Moore
Date: Mon, 19 Apr 2021 20:26:05 -0400
Subject: [PATCH] Fail early for ABI decoding that will obviously run out of data (#1486).
---
 packages/abi/src.ts/coders/array.ts | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/packages/abi/src.ts/coders/array.ts b/packages/abi/src.ts/coders/array.ts
index 03d78d064b..449b23e99e 100644
--- a/packages/abi/src.ts/coders/array.ts
+++ b/packages/abi/src.ts/coders/array.ts
@@ -212,8 +212,19 @@ export class ArrayCoder extends Coder {
 let count = this.length;
 if (count === -1) {
 count = reader.readValue().toNumber();
- }
+ // Check that there is *roughly* enough data to ensure
+ // stray random data is not being read as a length. Each
+ // slot requires at least 32 bytes for their value (or 32
+ // bytes as a link to the data). This could use a much
+ // tighter bound, but we are erroring on the side of safety.
+ if (count * 32 > reader._data.length) {
+ logger.throwError("insufficient data length", Logger.errors.BUFFER_OVERRUN, {
+ length: reader._data.length,
+ count: count
+ });
+ }
+ }
 let coders = [];
 for (let i = 0; i < count; i++) {
 coders.push(new AnonymousCoder(this.coder));
 }
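Review bot: The new guard `count * 32 > reader._data.length` compares the decoded length with the reader's whole backing buffer, not with the bytes still unread after the length word, so a length that cannot fit in what remains can still pass and the loop below builds `count` coders before decoding fails. If Reader tracks its read position (not visible in this hunk), subtracting it would tighten the bound cheaply; either way the in-code comment should say so plainly, e.g. `// Sanity check only, not full validation of the encoded data.` The check also reads the underscore-prefixed `reader._data` from outside Reader, which a small accessor on Reader would avoid, and "erroring on the side of safety" in the comment should read "erring". The patch touches only array.ts, so a regression test that decodes a truncated payload with an oversized length word would pin the new BUFFER_OVERRUN path. The enclosing method starts above the hunk and continues past it.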