From 105d994c3af725d8598bea5414a8553fc9f098e6 Mon Sep 17 00:00:00 2001
From: George Mossessian
Date: Fri, 3 Nov 2023 11:04:34 -0700
Subject: [PATCH] avoid memory overflow on corrupted file

---
 lib/dawgdic/dictionary.h | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/lib/dawgdic/dictionary.h b/lib/dawgdic/dictionary.h
index 118f2ef..3e32abf 100644
--- a/lib/dawgdic/dictionary.h
+++ b/lib/dawgdic/dictionary.h
@@ -49,10 +49,22 @@ class Dictionary {
     }
     SizeType size = static_cast(base_size);
-    std::vector units_buf(size);
-    if (!input->read(reinterpret_cast(&units_buf[0]),
-                     sizeof(DictionaryUnit) * size)) {
-      return false;
+    std::vector units_buf;
+
+    // read the file in batches to avoid a corrupted file from asking to allocate
+    // a very large amount of memory
+    SizeType batch_size = 1000;
+    while( size > 0 ) {
+      SizeType size_to_read = std::min(size, batch_size);
+      SizeType cur_size = units_buf.size();
+      units_buf.resize(cur_size + size_to_read);
+      if (!input->read(reinterpret_cast(&units_buf[cur_size]),
+                       sizeof(DictionaryUnit) * size_to_read)) {
+        return false;
+      }
+      // subtract size_to_read (not batch_size)
+      // so size does not integer overflow on becoming negative
+      size -= size_to_read;
     }
     SwapUnitsBuf(&units_buf);