From b3f36a3994d8607433253db0b8c19fd0ed1e38e5 Mon Sep 17 00:00:00 2001
From: Evan Su <48808396+HACKERALERT@users.noreply.github.com>
Date: Mon, 2 Sep 2024 23:23:38 -0400
Subject: [PATCH] Validate comments length before parsing
---
 src/Picocrypt.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/Picocrypt.go b/src/Picocrypt.go
index 18d5841..3f995c5 100644
--- a/src/Picocrypt.go
+++ b/src/Picocrypt.go
@@ -2,7 +2,7 @@ package main
 
 /*
 
-Picocrypt v1.40
+Picocrypt v1.42
 Copyright (c) Evan Su
 Released under a GNU GPL v3 License
 https://github.com/Picocrypt/Picocrypt
@@ -59,7 +59,7 @@ var TRANSPARENT = color.RGBA{0x00, 0x00, 0x00, 0x00}
 
 // Generic variables
 var window *giu.MasterWindow
-var version = "v1.40"
+var version = "v1.42"
 var dpi float32
 var mode string
 var working bool
@@ -1388,6 +1388,12 @@ func work() {
 tmp := make([]byte, 15)
 fin.Read(tmp)
 tmp, errs[1] = rsDecode(rs5, tmp)
+
+ if valid, err := regexp.Match(`^\d{5}$`, tmp); !valid || err != nil {
+ broken(fin, nil, "Unable to read comments length", true)
+ return
+ }
+
 commentsLength, _ := strconv.Atoi(string(tmp))
 fin.Read(make([]byte, commentsLength*3))
 total -= int64(commentsLength) * 3
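Review bot: In the `work()` hunk the new guard validates the bytes of `tmp`, but the read that depends on it, `fin.Read(make([]byte, commentsLength*3))`, still discards its byte count and error, so a truncated input file can short-read here while `total` is reduced by the full amount. Consider `if _, err := io.ReadFull(fin, make([]byte, commentsLength*3)); err != nil {` followed by the same `broken(...)`/`return` pair, assuming `io` is or can be imported in this file. Separately, `regexp.Match` recompiles the pattern on every call and its `err` can only report a bad pattern, so a package-level `regexp.MustCompile` would make the check read as a pure input test. The five-digit limit also bounds the skip buffer to at most 99999*3 bytes, which is worth recording next to the check, e.g. `// header field must be exactly 5 ASCII digits; reject anything else before Atoi`. `work()` begins before and continues after this hunk, so how later header fields react to a misaligned read is not visible here.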