From 5bff08bf4d877dbdaff2645b32b243f58aa17764 Mon Sep 17 00:00:00 2001
From: Egor Ivkov <e.o.ivkov@gmail.com>
Date: Wed, 20 Mar 2024 19:59:32 +0300
Subject: [PATCH] fix: missing check for inconsistent vclock values in
 mp_decode_vclock_ignore0

NO_DOC=internal
NO_TEST=internal
NO_CHANGELOG=internal
---
 src/box/xrow.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/box/xrow.c b/src/box/xrow.c
index 397e236866..1a2646c75a 100644
--- a/src/box/xrow.c
+++ b/src/box/xrow.c
@@ -113,9 +113,14 @@ mp_decode_vclock(const char **data, struct vclock *vclock)
 		if (mp_typeof(**data) != MP_UINT)
 			return -1;
 		uint32_t id = mp_decode_uint(data);
+		if (id >= VCLOCK_MAX)
+			return -1;
 		if (mp_typeof(**data) != MP_UINT)
 			return -1;
 		int64_t lsn = mp_decode_uint(data);
+		int64_t prev_lsn = vclock_get(vclock, id);
+		if (lsn <= prev_lsn)
+			return -1;
 		if (lsn > 0)
 			vclock_follow(vclock, id, lsn);
 	}
-- 
GitLab