From b044a70758f6df4b0e08ae395b6f46bff827fc1f Mon Sep 17 00:00:00 2001
From: "Y. T. Chung"
Date: Thu, 28 Jun 2018 00:57:27 +0800
Subject: [PATCH] [#64] Do not panic if length of UTF-8 string is invalid
---
 src/decoder/mod.rs | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/decoder/mod.rs b/src/decoder/mod.rs
index ad3bbdc7..d5f926cd 100644
--- a/src/decoder/mod.rs
+++ b/src/decoder/mod.rs
@@ -44,6 +44,11 @@ use serde::de::Deserialize;
 fn read_string(reader: &mut R, utf8_lossy: bool) -> DecoderResult {
 let len = reader.read_i32::()?;
+ // UTF-8 String must have at least 1 byte (the last 0x00).
+ if len < 1 {
+ return Err(DecoderError::InvalidLength(len as usize, format!("invalid length {} for UTF-8 string", len)));
+ }
+
 let s = if utf8_lossy {
 let mut buf = Vec::with_capacity(len as usize - 1);
 reader.take(len as u64 - 1).read_to_end(&mut buf)?;
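Review bot: The lossy branch still sizes its allocation from the unvalidated length prefix. The new `len < 1` guard only sets a lower bound, so `Vec::with_capacity(len as usize - 1)` will reserve up to about 2 GiB (any value up to `i32::MAX`) on the strength of four input bytes, before any payload is read. Since `reader.take(len as u64 - 1).read_to_end(&mut buf)` grows the buffer as data actually arrives, `let mut buf = Vec::new();` (or a capacity clamped to a small constant) removes that memory amplification without changing the result. Separately, in the new error path `len as usize` turns a negative length into a very large wrapped value in the first field of `InvalidLength`; the formatted message carries the real number, but the field itself is misleading and deserves a comment or a clamp. The body of `read_string` continues past the end of the hunk, so the non-lossy branch is not visible here and may need the same bound.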