diff --git a/js/src/frontend/StencilXdr.cpp b/js/src/frontend/StencilXdr.cpp index 5b86d77b1c2b..aa7a417fc76e 100644 --- a/js/src/frontend/StencilXdr.cpp +++ b/js/src/frontend/StencilXdr.cpp @@ -455,6 +455,11 @@ template uint32_t index; MOZ_TRY(xdr->codeUint32(&index)); MOZ_TRY(codeParserAtom(xdr, &entry)); + if (mode == XDR_DECODE) { + if (index >= atomVectorLength) { + return xdr->fail(JS::TranscodeResult::Failure_BadDecode); + } + } builder.set(frontend::ParserAtomIndex(index), entry); }