From 7dc86fdeb0cbd8a99c4455d1b919e524c6b845a3 Mon Sep 17 00:00:00 2001
From: David Wendt <dcrkid@yahoo.com>
Date: Fri, 18 Jun 2021 18:52:57 -0400
Subject: [PATCH] swf: Throw an error if an ABC bitstream calls for a parameter
 with more optional parameters than actual ones.

---
 swf/src/avm2/read.rs | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/swf/src/avm2/read.rs b/swf/src/avm2/read.rs
index cca583c27..55611ebc5 100644
--- a/swf/src/avm2/read.rs
+++ b/swf/src/avm2/read.rs
@@ -245,10 +245,12 @@ impl<'a> Reader<'a> {
 
         if flags & 0x08 != 0 {
             let num_optional_params = self.read_u30()? as usize;
-            let start = params.len() - num_optional_params;
-            let end = params.len();
-            for param in &mut params[start..end] {
-                param.default_value = Some(self.read_constant_value()?);
+            if let Some(start) = params.len().checked_sub(num_optional_params) {
+                for param in &mut params[start..] {
+                    param.default_value = Some(self.read_constant_value()?);
+                }
+            } else {
+                return Err(Error::invalid_data("Too many optional parameters"));
             }
         }