From ffb4250ae2a96f92d0921d939b13f65148548423 Mon Sep 17 00:00:00 2001
From: "Y. T. Chung" <zonyitoo@gmail.com>
Date: Thu, 28 Jun 2018 00:57:27 +0800
Subject: [PATCH] [#64] Do not panic if length of UTF-8 string is invalid

---
 src/decoder/mod.rs | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/decoder/mod.rs b/src/decoder/mod.rs
index 9fd19b98..ffb47404 100644
--- a/src/decoder/mod.rs
+++ b/src/decoder/mod.rs
@@ -42,6 +42,10 @@ use serde::de::Deserialize;
 fn read_string<R: Read + ?Sized>(reader: &mut R, utf8_lossy: bool) -> DecoderResult<String> {
     let len = reader.read_i32::<LittleEndian>()?;
 
+    if len < 0 {
+        return Err(DecoderError::InvalidLength(0, "invalid length for UTF-8 string".to_owned()));
+    }
+
     let s = if utf8_lossy {
         let mut buf = Vec::with_capacity(len as usize - 1);
         reader.take(len as u64 - 1).read_to_end(&mut buf)?;